SMB
May 13, 2024
ENUM4LINUX - next generation (v1.3.3)
==========================
| Target Information |
==========================
[*] Target ........... 10.129.181.49
[*] Username ......... ''
[*] Random Username .. 'drymulgr'
[*] Password ......... ''
[*] Timeout .......... 5 second(s)
======================================
| Listener Scan on 10.129.181.49 |
======================================
[*] Checking LDAP
[-] Could not connect to LDAP on 389/tcp: connection refused
[*] Checking LDAPS
[-] Could not connect to LDAPS on 636/tcp: connection refused
[*] Checking SMB
[+] SMB is accessible on 445/tcp
[*] Checking SMB over NetBIOS
[+] SMB over NetBIOS is accessible on 139/tcp
============================================================
| NetBIOS Names and Workgroup/Domain for 10.129.181.49 |
============================================================
[+] Got domain/workgroup name: DEVOPS
[+] Full NetBIOS names information:
- DEVSMB <00> - H <ACTIVE> Workstation Service
- DEVSMB <03> - H <ACTIVE> Messenger Service
- DEVSMB <20> - H <ACTIVE> File Server Service
- DEVOPS <00> - <GROUP> H <ACTIVE> Domain/Workgroup Name
- DEVOPS <1e> - <GROUP> H <ACTIVE> Browser Service Elections
- MAC Address = 00-00-00-00-00-00
==========================================
| SMB Dialect Check on 10.129.181.49 |
==========================================
[*] Trying on 445/tcp
[+] Supported dialects and settings:
Supported dialects:
SMB 1.0: false
SMB 2.02: true
SMB 2.1: true
SMB 3.0: true
SMB 3.1.1: true
Preferred dialect: SMB 3.0
SMB1 only: false
SMB signing required: false
============================================================
| Domain Information via SMB session for 10.129.181.49 |
============================================================
[*] Enumerating via unauthenticated SMB session on 445/tcp
[+] Found domain information via SMB
NetBIOS computer name: DEVSMB
NetBIOS domain name: ''
DNS domain: ''
FQDN: nix01
Derived membership: workgroup member
Derived domain: unknown
==========================================
| RPC Session Check on 10.129.181.49 |
==========================================
[*] Check for null session
[+] Server allows session using username '', password ''
[*] Check for random user
[+] Server allows session using username 'drymulgr', password ''
[H] Rerunning enumeration with user 'drymulgr' might give more results
====================================================
| Domain Information via RPC for 10.129.181.49 |
====================================================
[-] Could not get domain information via 'lsaquery': timed out
================================================
| OS Information via RPC for 10.129.181.49 |
================================================
[*] Enumerating via unauthenticated SMB session on 445/tcp
[-] SMB connection error on port 445/tcp: session failed
[*] Enumerating via unauthenticated SMB session on 139/tcp
[+] Found OS information via SMB
[*] Enumerating via 'srvinfo'
[+] Found OS information via 'srvinfo'
[+] After merging OS information we have the following result:
OS: Linux/Unix
OS version: '6.1'
OS release: ''
OS build: '0'
Native OS: not supported
Native LAN manager: not supported
Platform id: '500'
Server type: '0x809a03'
Server type string: Wk Sv PrQ Unx NT SNT InlaneFreight SMB server (Samba, Ubuntu)
======================================
| Users via RPC on 10.129.181.49 |
======================================
[*] Enumerating users via 'querydispinfo'
[+] Found 0 user(s) via 'querydispinfo'
[*] Enumerating users via 'enumdomusers'
[-] Could not find users via 'enumdomusers': timed out
=======================================
| Groups via RPC on 10.129.181.49 |
=======================================
[*] Enumerating local groups
[-] Could not get groups via 'enumalsgroups domain': timed out
[*] Enumerating builtin groups
[+] Found 0 group(s) via 'enumalsgroups builtin'
[*] Enumerating domain groups
[+] Found 0 group(s) via 'enumdomgroups'
=======================================
| Shares via RPC on 10.129.181.49 |
=======================================
[*] Enumerating shares
[+] Found 3 share(s):
IPC$:
comment: IPC Service (InlaneFreight SMB server (Samba, Ubuntu))
type: IPC
print$:
comment: Printer Drivers
type: Disk
sambashare:
comment: InFreight SMB v3.1
type: Disk
[*] Testing share IPC$
[-] Could not check share: STATUS_OBJECT_NAME_NOT_FOUND
[*] Testing share print$
[+] Mapping: DENIED, Listing: N/A
[*] Testing share sambashare
[-] Could not check share: timed out
==========================================
| Policies via RPC for 10.129.181.49 |
==========================================
[*] Trying port 445/tcp
[+] Found policy:
Domain password information:
Password history length: None
Minimum password length: 5
Maximum password age: 49710 days 6 hours 21 minutes
Password properties:
- DOMAIN_PASSWORD_COMPLEX: false
- DOMAIN_PASSWORD_NO_ANON_CHANGE: false
- DOMAIN_PASSWORD_NO_CLEAR_CHANGE: false
- DOMAIN_PASSWORD_LOCKOUT_ADMINS: false
- DOMAIN_PASSWORD_PASSWORD_STORE_CLEARTEXT: false
- DOMAIN_PASSWORD_REFUSE_PASSWORD_CHANGE: false
Domain lockout information:
Lockout observation window: 30 minutes
Lockout duration: 30 minutes
Lockout threshold: None
Domain logoff information:
Force logoff time: 49710 days 6 hours 21 minutes
==========================================
| Printers via RPC for 10.129.181.49 |
==========================================
[+] No printers returned (this is not an error)
Completed after 84.94 secondssmbclient -N -L 10.129.181.49
smbclient \\\\10.129.181.49\\sambashare
cd contents
get flag.txt
rpcclient -U "" 10.129.206.56
srvinfo
netshareenumall
Last updated