How To Test User Enumeration

You receive an output as in this example. The rescan will work correctly if remove is used first (as your 3 rd test). And, spring, summer and winter are values of type season. it is one of the values within an enumeration of valid account types. and note that. Stealthier (requires one packet/user account, whereas LSA uses at least 10 packets while SAMR uses half that; additionally, LSA makes a lot of noise in the Windows event log (LSA enumeration is the only script I (Ron Bowes) have been called on by the administrator of a box I was testing against). Here let us test if a user called "root" exists on the target system as shown below. I have a set of some known user names to test with, along with the login screen URLs. This would let the user input any value at all and, almost as bad, force the user to know the range of values that the enum could take on. If a valid device ID and vendor ID are found, then there is a PCI unit there and it will be enumerated. I am unsure how the device in the bus. Whether it can be bypassed or not. Is there a quicker way of doing it than this? private bool InputIsWithinRange(ref int accountType). You can change default values of enum elements during declaration (if necessary). This article explains about retrieving values from a List or ArrayList using Iterator, using get method and using Enumeration. I'm not sure what's different in the remove case, but it looks like if you do remove it, the rescan function will do full enumeration rather than just the bar that was there previously. Enum: Using the Name() and toString() Methods Correctly With Java Enums, there are two similar, but different methods that are commonly used: name() and toString(). Use Case Workaround. When we use the user name does not exist to connect ssh server, SSHD will be based BLOWFISH algorithm to generate a fake password, but if the user name exists, SSHD uses a SHA256 / SHA512 algorithm to encrypt the password. Its called smtp-user-enum. In a black box. If you check netstat / ps list etc. Disabling anonymous enumeration of SAM Accounts Hackers will often probe machines on the Internet for a list of their Users (SAM Accounts) and Shares (Shared folders and Printers). Enumeration is performed by inspecting the responses to VRFY, EXPN, and RCPT TO commands. You may need to create a variable that. Once again, that is up to the people who write the compiler. Use Case Workaround. This test is designed for enumerating the percent and absolute cell count of lymphocyte subsets in lysed whole blood. CWE™ is a community-developed list of common software security weaknesses. Note: an explicit specialization declaration of a scoped enumeration member of a class template is the only case where nested-name-specifier appears before enum-name (since C++14). Since user "root" exists, I'm assuming other users like "msfadmin" and "user" also exist. This 60 minute training webinar will teach you all the latest and greatest technologies in the world of Java. The Centers for Medicare & Medicaid Services (CMS) has developed the National Plan and Provider Enumeration System (NPPES) to assign these unique identifiers. For most cases name() method would be enough to convert Enum to String. For example, suppose that you have test scores for students in a class. The enum declaration defines a class (called an enum type). NET Enum Example. Just leave it, it will work. public class TrafficProfileExtension { public static enum CosProfileType { BENIGN ("BENIG. Once you have it installed, go ahead and open it, then tap the “Info” tab at the bottom. This can be useful for locating valuable information or for finding pages on a site that have since been unlinked. Opening In part one of this blog post series, we provided an introduction into what ransomware is and how it works. IP tables and routing tables. It attempts to offer similar functionality to enum. You can iterate through an enum to access its values. For insight into how to detect Account Enumeration, please see the article entitled "How To Test For Account Enumeration". Service settings and Audit configurations. In contrast to the reconnaissance phase, pentesters actively query specific systems during enumeration, to gather as much information as possible. Kali includes many default username and passwords lists that I can use with smtp-user-enum to test: I select unix_users. What is an Enum? Simply put, an enum is a custom type that you can create in your scripts. That's all on How to compare two enum in Java and difference between == and equals to compare two enums. Testing for User Enumeration and Guessable User Account (OWASP-AT-002) Brief Summary. fixture() allows one to parametrize fixture functions. The value of the 'test' variable will be read from a socket, I've to validate the value on the socket (== check if value is defined in enum) before assigning it to a variable of type VALUES. enum_wayback. NET Core’s new policy-based authorization system to check that the User’s Permissions Claims contains the Permission placed on the action/page they want to access. In our test for example, the smb-enum-users script could still execute QueryDisplayInfo, and enumerate user information, without access to these functions. DNS enumeration is the process of locating all the DNS servers and their corresponding records for an organization. You just need to add the EnumProperty to the operator. Incorrect password results in a "username or password is incorrect" prompt fairly quickly, so this would be a decent GUI-based test to work through a mental list of possible passwords. Check if host is part of a domain or workgroup. Kali includes many default username and passwords lists that I can use with smtp-user-enum to test: I select unix_users. Most probably the ldap configuration doesn't allow enumeration. An enumeration is a great way to define a set of constant values in a single data type. Defn : It connects to its hidden inner process communication (IPS$) of 192. Following is an. always_logon=true. While testing our Windows Domain Controller (Server 2012 R2), I was able use the Linux utility rpcclient to enumerate user accounts and groups via a Null Session (see output below). Blowfish is faster than SHA256, and that's a problem when servers talk back. There is no need to export it because it is a test project. This is often a pre-cursor to brute-force password attacks. The compiler automatically adds some special methods when it creates an enum. NET Enum Example. This definitely does not have any new information here and there are a ton of good sites with the “cheat sheets” but I have found that making my own is so much more useful. The standard @Test annotation in JUnit Jupiter described in Annotations is very similar to the @Test annotation in JUnit 4. The value that is assigned to the attribute tells Windows which options have been enabled. If you want to display an enum's element name on your UI directly by calling its ToString() method, it will be displayed as it has been defined. That is to say you can get all user information, all the security groups and their membership, all computer and server names, etc. Any user account will do, you don’t have to be an admin. This makes it even more simple. Box Customer Stories and Presentations. The tool can simply intercept HTTP/S requests and act as a middle-man between the user and web pages. They take only a minute to implement, and will serve to harden your WordPress-powered site with additional layers of security. Users have a unique user id that is used by the application in the database and for referencing the user account. An enumeration is a series of constant integers that each has a specific position in the list and can be recognized by a meaningful name. This tutorial explains how to block user-enumeration scans in WordPress. That is to say you can get all user information, all the security groups and their membership, all computer and server names, etc. The scenario Sometimes in business applications it's interesting checking if current user is member of the 'domain administrators' role. It will provide the response “The old password is incorrect” if the username is valid and provide no response if the username is invalid. Casting an enum to int will return its integer value. I believe Ben took it to mean to set the enumeration items rather than just writing a value to an indicator that's an enum. An assumption can be made that it shouldn't be possible to select and save enum element with value 0 on mandatory field. The user agent may be asked to suspend the ongoing fetch. In some of my test runs on an internal network using this nmap NSE I was able to scan 50 nodes in just 22 seconds to find Local Admin on 9 systems. An enumeration is a user-defined data type that consists of integral constants. Whether it can be bypassed or not. The enumerator names are usually identifiers that behave as constants in the language. NET MVC has proven to be among the most popular on this site, amassing over a third of a million views since it was published 5 years ago. Citrix architecture, logon and enumeration process Rollup process Process 1tb data and get max age for each gender group Email validation via cobol Casting process Roll back and roll forward Order management process. Advantages of using SAMR enumeration: * Stealthier (requires one packet/user account, whereas LSA uses at least 10 packets while SAMR uses half that; additionally, LSA makes a lot of noise in the Windows event log (LSA enumeration is the only script I (Ron Bowes) have been called on by the administrator of a box I was testing against). I also quickly demonstrate the. How to find stale sessions in Oracle 12c. Simply observe the responses from the following two tests: Providing a legitimate account identifier and an invalid password; Providing a non-existent account identifier and any password; If the response is the same then it represents an Account Enumeration vulnerability. Any views or opinions represented in this blog are personal and belong solely to the blog owner and do not represent those of people, institutions or organizations that the owner may or may not be associated with in professional or personal capacity, unless explicitly stated. User enumeration is often a web application vulnerability, though it can also be found in any system that requires user authentication. I have a set of some known user names to test with, along with the login screen URLs. If you want a slightly modified Enum, you cannot make a change to existing Enum as it might change wherever referenced. Introduction to MySQL ENUM data type. org 12/02/2015 11:18 PM. Descriptions of the vulnerability. Result Expected: Using WebScarab, notice the information retrieved from this successful authentication (HTTP 200 Response, length of the response). # # You should have received a copy of the GNU General Public License along # with this program; if not, write to the Free Software Foundation, Inc. Checking the windows user-enumeration. This is generally aimed at enumeration rather than specific vulnerabilities/exploits and I realise these are just the tip of the iceberg in terms of what's available. You asked how it's used so here's an example. Casting an enum to int will return its integer value. Suppose you have an enum like below which by default int. In the example below, we configure WPScan to enumerate all the WordPress users on www. This technique is surprisingly effective, even against household-name companies. One other way to block user enumeration is with a Web Application Firewall (WAF). Users take full responsibility # for any actions performed using this tool. And, spring, summer and winter are values of type season. function is determined. By default, spring is 0, summer is 1 and so on. You just need to add the EnumProperty to the operator. In the flow I want to loop over all the records of the entity where Status is Active. If you don't want the change to occur globally, then add this code right before the enumeration (and resotre right after, if needed). User Enumeration User Enumeration in the enumeration phase attacker creates and performs activities connections to system and perms directed queries to gain more information about the taget attackers use extracted information to identify system attack point and perform password attacks to …. Today, we will be using a tool called Enum4linux to extract information. YOu can force it to be atleast as large as an in by assigning an enum entry to have a value greater than a short or word. Thus ensuring uniform implementation. The Exploit Database is maintained by Offensive Security, an information security training company that provides various Information Security Certifications as well as high end penetration testing services. So, you create an enum called Days, and there are seven different Days you could use in your program: Sat, Sun, Mon, Tue, Wed, Thur, Fri. kali > smtp-user-enum -M VRFY -U -t Now let's construct a command to use against the Metasploitable SMTP server. Don’t just write the finding off. Both describe methods that implement test cases. How to use Enum in C# If you have a number of constants that are logically related to each other, then you can group together these constants in an enumeration. This test verifies that all disks in the chassis must be able to be enumerated by all controllers in the chassis. Net The DataSet consists of a collection of DataTable objects that you can relate to each other with DataRelation objects. Enum Variable Type. To define an enumeration, keyword enum is used. In our test for example, the smb-enum-users script could still execute QueryDisplayInfo, and enumerate user information, without access to these functions. The Python raw_input() function is used to read a string from standard input such as keyboard. The output of running the test in IntelliJ is: Enum Iteration. The Exploit Database is maintained by Offensive Security, an information security training company that provides various Information Security Certifications as well as high end penetration testing services. Using protocols like ICMP and SNMP, network enumeration offers a better view of the network for either protection or hacking purposes. Assume the user 'testuser' has modify access to folder1, but not folder2 or folder3. Enumeration is the most important thing you can do, at that inevitable stage where you find yourself hitting a wall, 90% of the time it will be because you haven’t done enough enumeration. Below I added my code with the enum type. 1-Create a share on your file server. These variables contain ADS_USER_FLAG_ENUM enumeration values which were retrieved from the Windows SDK. It could be adapted to work against other vulnerable SMTP daemons, but this hasn't been done as of v1. Access-based Enumeration (ABE) allows to check access permissions on file system objects before the user receives a list of the folder contents. This vulnerability does not produce a list of valid usernames, but it does allow guessing of usernames. This test verifies that all disks in the chassis must be able to be enumerated by all controllers in the chassis. How can I create test cases using JUNIT to test ENUMS types. This tutorial explains how to block user-enumeration scans in WordPress. Enum is a keyword in java and on more detail term Java Enum is type like class and interfaces and can be used to define a set of Enum constants. Instead of exporting, go with creating a package. Time is precious, so I don't want to do something manually that I can automate. When we use the user name does not exist to connect ssh server, SSHD will be based BLOWFISH algorithm to generate a fake password, but if the user name exists, SSHD uses a SHA256 / SHA512 algorithm to encrypt the password. Users take full responsibility # for any actions performed using this tool. Active Directory user enumeration. The tool can simply intercept HTTP/S requests and act as a middle-man between the user and web pages. In your example you're not "getting" the value of the enum. Is there an Oracle 'ENUM' type?. The enum declaration defines a class (called an enum type). For example, identifying TCP port 1521 on a host will, in more cases than not, indicate that the host has an oracle user. Now the difference in my scenario was I was using a Linux host for testing and @digininja used a Windows host, this meant I'd be using either 'rdesktop' or 'Remmina/FreeRDP' instead of the native windows application. Enumeration is performed by inspecting the responses to VRFY, EXPN and RCPT TO commands. pytest enables test parametrization at several levels: pytest. Discovering NetBIOS name enumeration with. User enumeration through the issueTable resource - CVE-2019-8446 resource in Jira before version 8. Enumeration. C# / C Sharp Forums on Bytes. Whether it can be bypassed or not. Enumeration types (C# Programming Guide) 09/10/2017; 5 minutes to read +3; In this article. For example I am used to checking if current user has administrative privileges in order to showing some advanced configuration options (changing the application's connection string, or allow creating new users). The term is commonly used in mathematics and computer science to refer to a listing of all of the elements of a set. The Exploit Database is a non-profit project that is provided as a public service by Offensive Security. RID cycling (When RestrictAnonymous is set to 1 on Windows 2000) User listing (When RestrictAnonymous is set to 0 on Windows 2000) Listing of group membership information; Share enumeration. I am having a problem to set enum value with out using the enum type. Account (though the Windows best practice is to disable the Administrator account). Enumeration (or enum) is a value data type in C#. If you check on your users on a regular basis, you’ll be able to recognize the most active users. Info Allows to enumerate widgets inside a line segment with an offset. An enumeration is a user-defined data type that consists of integral constants. Security Bulletin: IBM® Intelligent Operations Center is vulnerable to user enumeration (CVE-2019-4068). If a public field is an enum, it will conveniently appear like a dropdown menu: Enums and Flags. You can force logging in (which kicks the actual user off) with the argument tso-brute. com/diego-treitos/linux-smart-enumeration # lse_version="1. Whether it can be bypassed or not. RID cycling (When RestrictAnonymous is set to 1 on Windows 2000) User listing (When RestrictAnonymous is set to 0 on Windows 2000) Listing of group membership information; Share enumeration. For example, requests for author=1 through some number, say, author=1000, may reveal the usernames for all associated users. app { object Margin extends Enumeration { type Margin = Value val TOP, BOTTOM, LEFT, RIGHT = Value } } Then import the enumeration to use it in your application: object Main extends App { import com. Access Based Enumeration is the feature that hides folders from users that do not have permission to that folder. That is literally it. Enumerating Themes. smtp-user-enum is a tool for enumerating OS-level user accounts on Solaris via the SMTP service (sendmail). VRFY) -u user Check if user exists on remote system -f addr From email address to use for "RCPT TO" guessing (default: user. How to check if a file or directory or link exists in Python ? Python: How to find all indexes of an item in a List? C++ map : Erase element by key or Iterator or Range. Most probably the ldap configuration doesn't allow enumeration. com Subject: Another OpenSSH "user enumeration" Hi all, On August 24, 2018, we sent the following email to [email protected] This makes it even more simple. The Python raw_input() function is used to read a string from standard input such as keyboard. You just need to add the EnumProperty to the operator. Discovering NetBIOS name enumeration with. Continuing with our information gathering, let’s take a look at SNMP Sweeping. So, the final list includes only those objects a user has NTFS permissions to access (at least read-only permission), and all inaccessible resources are simply not displayed (hidden). If all 0xFFs are returned, then no device is there, and enumeration moves on. Net The DataSet consists of a collection of DataTable objects that you can relate to each other with DataRelation objects. _ // use an enumeration value in a test var currentMargin = TOP // later in the code. Here's an article showing how to do what you are asking: 'Extending' the Enum Class to Validate the Enum Values with the Flags Attribute. Specify the session info so that you can track if the session has finished or not. Fahrenheit is a thermodynamic temperature scale, where the freezing point of water is 32 degrees Fahrenheit (°F) and the boiling point of water is 212°F (at standard atmospheric pressure). can you help me create a switch case which uses Enum as input. For example, if you have 1 million users to upload, you need to split them into at least 100 requests because each request can only take 10k users. The Centers for Medicare & Medicaid Services (CMS) has developed the National Plan and Provider Enumeration System (NPPES) to assign these unique identifiers. For Loop 14 7 39 40 Advanced For Loop 14 7 39 40 While Loop 14 7 39 40 Iterator 14 7 39 40. Enumeration is the first attack on target network, enumeration is the process to gather the information about a target machine by actively connecting to it. User Enumeration If an attacker can abuse your authentication function to test whether a username exists on your site, it makes exploiting other vulnerabilities much easier. Check if host is part of a domain or workgroup. The Enum keyword is used to declare an enumeration. now lets check a user on the target system. This is a great way to find user locations within the network. The goal of enumeration is to get a complete picture of the target. You could call on any of these by saying Days. Box Customer Stories and Presentations. In this method, we use in-built equals() method of Arrays class to check the equality of two arrays. Hi Hope you can help. Today we're going to be learning about SMTP user enumeration, as well as building an enumeration tool of our very own and taking things further than just using the python smtplib to send emails. Casting an enum to int will return its integer value. Find Logged in users on target. You can iterate through an enum to access its values. We’ve gotten the chance to test PowerUp in multiple environments, as well integrate public feedback, so I wanted to put together a quick usage guide for those wanting to check it out. Users take full responsibility # for any actions performed using this tool. Which is used at helpers medthod when there is no match found with input value. This technique is surprisingly effective, even against household-name companies. In the preamble, use the \renewcommand{indicator}{format} syntax for each level of heirarchy you would like to change (4 level max. Community updates and announcements. DFSDIAG can check your configuration in five different ways:. ), Lambda function invocation, and IAM role assumption. They enable you to perform all sort of actions ranging from reading PDF, Excel or Word documents and working with databases or terminals, to sending HTTP requests and monitoring user events. How to find stale sessions in Oracle 12c. 0, complete the following procedure: If the user account exists in a different domain from that containing the XenApp server, ensure that the domains share a two-way trust relationship. File Attributes [C#] This example shows how to get or set file attributes, how to add attributes and how to remove attributes from current ones. As I understand Test Cases (TC), they stem from a parent Use Case (UC), such that any 1 UC can have M TC. To create an enum , use the enum keyword (instead of class or interface), and separate the constants with a comma. In a network test, this can be the obligatory portscan, directly querying single services or the identification of the tested systems' individual security weaknesses. How to determine SQL Security Login group for windows login when user is member of active directory security group. Its a useful programming type that contains an ordered list of string values. The following will print cool and 5 is not defined. As we have seen, with the right permissions, we can create a basic user account in just a few lines of code. For example, suppose that you have test scores for students in a class. This is a process where the attacker establishes an active connection with the victim and try to discover as much attack vectors as possible, which can be used to exploit the systems further. parametrize allows one to define multiple sets of arguments and fixtures at the test function or class. Based on this, instead of just remembering that the constant 1 represents Single Family, you can create a list that has that type of house. Kali includes many default username and passwords lists that I can use with smtp-user-enum to test: I select unix_users. The program also restricts the user to choose destinations other than the following 3 destinations. It is mainly used to assign the names or string values to integral constants, that make a program easy to read and maintain. An enum is a special "class" that represents a group of constants (unchangeable variables, like final variables). the above command show u which user is currently logged in to a target system. Initialization of enum: As discussed above, that the default value of first enum member is set to 0 and it increases by 1 for the further data members of enum. If verbosity is set, the offered algorithms are each listed by type. This specific command will enumerate all user accounts that have the string user. To check if an object is an enum, check if the object is of the type System. In this little article I describe how to use the cmdlet Test-Path to check if a file exists. The best thing of SPARTA GUI Toolkit it scans detects the service running on the target port. Please notice the names of the enumerated constants. The following will print cool and 5 is not defined. Specify the session info so that you can track if the session has finished or not. you will see it doing something. So ENUM values will take more memory then Integer or String constant. One of the first activities while conducting a penetration test in Unix environments is to perform a user enumeration in order to discover valid usernames. The following post lists a few Linux commands that may come in useful when trying to escalate privileges on a target system. The user may be redirected to an untrusted page that contains malware which may then compromise the user's machine. This change. The purpose of this blog is for knowledge sharing only. services enumeration • Test – Use of “Net User /Domain” and “Net Group /Domain” commands to enumerate users and groups. Python enum the easy way. How to find stale sessions in Oracle 12c. I would like to create a control that has Enum data type, but looks like this (menu ring): The Enum does not have a drop-down arrow for the user to realize more options are available, and I find the Menu Ring control more clear. In contrast to the reconnaissance phase, pentesters actively query specific systems during enumeration, to gather as much information as possible. But since you're keen on testing it, going with your second option is much better than the first. The user agent may be asked to suspend the ongoing fetch. I have a set of some known user names to test with, along with the login screen URLs. This system, called UserDefaults can save integers, booleans, strings, arrays, dictionaries, dates and more, but you should be careful not to save too much data because it will slow. What is a simple and effective method to test for a username enumeration risk?. Enum4linux is a tool for enumerating information from Windows and Samba systems. For example, requests for author=1 through some number, say, author=1000, may reveal the usernames for all associated users. For example, if you have 1 million users to upload, you need to split them into at least 100 requests because each request can only take 10k users. com Subject: Another OpenSSH "user enumeration" Hi all, On August 24, 2018, we sent the following email to [email protected] Finally, the enumeration flaw is exploited to test the presence of each username in the list. com/diego-treitos/linux-smart-enumeration # lse_version="1. If you don't want the change to occur globally, then add this code right before the enumeration (and resotre right after, if needed). Any views or opinions represented in this blog are personal and belong solely to the blog owner and do not represent those of people, institutions or organizations that the owner may or may not be associated with in professional or personal capacity, unless explicitly stated. In MySQL, an ENUM is a string object whose value is chosen from a list of permitted values defined at the time of column creation. Java programming language enum types are much more powerful than their counterparts in other languages. Incorrect password results in a "username or password is incorrect" prompt fairly quickly, so this would be a decent GUI-based test to work through a mental list of possible passwords. For Loop 14 7 39 40 Advanced For Loop 14 7 39 40 While Loop 14 7 39 40 Iterator 14 7 39 40. C# / C Sharp Forums on Bytes. Introduction. Thus ensuring uniform implementation. So here, we will learn a way to show user-friendly enum names to end users. How to populate a combo box from a dataset in VB. Note Consider the Enum type if your program consists of a fixed set of constants, like seasons of the year, operations calculator, user status and etc. More on Enumeration Constructor, Member Variables and Methods. Suppose you have an enum like below which by default int. Below I added my code with the enum type. However, while binding a combobox with enum, one can face a common problem that enum values are not user-friendly for display. And if you want to change the display name, let's say to "first day of week" you have to redo the inner workings of the code. 65535} Here assuming a shell with support for the {x. User Enumeration If an attacker can abuse your authentication function to test whether a username exists on your site, it makes exploiting other vulnerabilities much easier. UiPath Activities are the building blocks of automation projects. Do the Testing. It is a primitive data type, which is user defined. It serves as a common language, a measuring stick for software security tools, and as a baseline for weakness identification, mitigation, and prevention efforts. Get local users to perform password attacks against. What is an Enum? Simply put, an enum is a custom type that you can create in your scripts. Enumeration (or enum) is a user defined data type in C. NET Core’s new policy-based authorization system to check that the User’s Permissions Claims contains the Permission placed on the action/page they want to access. A good WAF will detect and block single IP address making many of these requests. Descriptions of the vulnerability. It identifies 17 usernames. Here's an article showing how to do what you are asking: 'Extending' the Enum Class to Validate the Enum Values with the Flags Attribute. Business Logical Vulnerability, penetration testing, security testing, web penetration testing, network penetration testing, application security testing, security testing tools, web application. But how big is an enum? The answer is the standard computer answer: it depends. The user may be redirected to an untrusted page that contains malware which may then compromise the user's machine. Enumerating Enumerations. Example: Program to check whether the input year is leap or not. but how to check user input is a number. You can change the. - [Malcolm] When carrying out testing through ethical hacking, one of the key activities that directs the testing is enumeration, the ability to find out everything about a target by enumerating its ports and services, its users and accounts, its processes, and just about everything that can be exposed and enumerated. You can also find the following issues: Stale and abnormally long sessions. In a network test, this can be the obligatory portscan, directly querying single services or the identification of the tested systems' individual security weaknesses. Setting the value of an enum indicator is the same as setting the value of any other indicator. Though using equals() to compare object is considere d Java best practice, c omparing Enum using == is better than using equals. Discovering the account names of the users of the site, allows you to then attack the passwords of those users through the WordPress login form. The code sample uses SPContext. NET class method Exists() from the System. I need to check if the enum value represented by my string ss is one of my enum values h1, h2 or h4. This 60 minute training webinar will teach you all the latest and greatest technologies in the world of Java. Current to get a reference to the current site, as such it must be rUn under the context of SharePoint (in a web part, or custom application page), to run the code in a console application or windows application you will need. In black box and gray box penetration testing scenarios, discovering a list of valid users for an application may be one of the first steps, especially if such an application is not commercial so that you can look for default users online. How to use string variable in enum ConsoleKey ? I've issue, i want to check if user push on key belongs to alphabet. The joeware utilities Saving administrators around the world time and frustration for over twelve years All joeware utilities have a very simple warranty which you can find here.