Samba (smb)
Remember to escape the double `\` before the target IP/Domain. It usually looks like `\\\\10.10.10.10`. The rest of the path also needs escaping: `\\\\10.10.10.10\\users`
Flag | Description |
---|---|
`-L` | Retrieve a list of available shares |
`-N` | Suppress the password prompt (null session) |
`-U` | Specify the user (can be put after the address) |

Order matters: for example, `-L -N` will still ask for the password, while `-N -L` will work fine.

The Remote Procedure Call (RPC) is a concept and, therefore, also a central tool to realize operational and work-sharing structures in networks and client-server architectures.

Command | Description |
---|---|
`srvinfo` | Server information. |
`enumdomains` | Enumerate all domains that are deployed in the network. |
`querydominfo` | Provides domain, server, and user information of deployed domains. |
`netshareenumall` | Enumerates all available shares. |
`netsharegetinfo <share>` | Provides information about a specific share. |
`enumdomusers` | Enumerates all domain users. |
`queryuser <RID>` | Provides information about a specific user. |

Example of Bash command to enumerate every user based on RID

Other tools that automate this: Samrdump, SMBMap or CrackMapExec

Worth mentioning but more verbose: enum4linux-ng
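
To gauge what a null session gives away on a server you administer, the sketch below (an added example, not from the original page) parses an `enumdomusers` listing, converts each hex RID to decimal and separates built-in principals from created accounts. The sample listing is constructed, the `user:[NAME] rid:[0xHEX]` line format is assumed to be what the command prints, and `classify_rid`, `parse_enumdomusers` and `exposed_accounts` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: summarise what an enumdomusers listing reveals.
# SAMPLE is constructed data in the user:[NAME] rid:[0xHEX] line format.
SAMPLE='user:[Administrator] rid:[0x1f4]
user:[Guest] rid:[0x1f5]
user:[svc_backup] rid:[0x3e8]
user:[jdoe] rid:[0x3e9]'

# classify_rid DECIMAL_RID: RIDs below 1000 belong to well-known principals
# (500 = Administrator, 501 = Guest); created accounts start at 1000.
classify_rid() {
    if [ "$1" -lt 1000 ]; then echo builtin; else echo account; fi
}

# parse_enumdomusers: read a listing on stdin and print one
# "name<TAB>decimal RID<TAB>class" row per well-formed line.
# Lines that do not match the expected format are skipped.
parse_enumdomusers() {
    sed -n 's/^user:\[\(.*\)] rid:\[\(0x[0-9a-fA-F]\{1,\}\)]$/\2 \1/p' |
    while read -r hex name; do
        dec=$(($hex))   # hex RID to decimal, e.g. 0x1f4 -> 500
        printf '%s\t%d\t%s\n' "$name" "$dec" "$(classify_rid "$dec")"
    done
}

# exposed_accounts: count the created (non-builtin) accounts in a listing.
exposed_accounts() {
    parse_enumdomusers | awk -F'\t' '$3 == "account" {n++} END {print n+0}'
}

printf '%s\n' "$SAMPLE" | parse_enumdomusers
echo "created accounts visible: $(printf '%s\n' "$SAMPLE" | exposed_accounts)"
```

A non-zero count from an unauthenticated listing means account names are readable without credentials on that server.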