ENUMERATION


  • Enumerating usernames:
    • From a domain PC: net users /domain
    • Via nmap: nmap -p445 --script=smb-enum-users <IP> > users.txt
  • Enumerating via SNMP:
    • Create a list of IP addresses: for i in `seq 1 255`; do echo 192.168.1.$i; done > ips.txt
    • Find vulnerable servers: onesixtyone -i ips.txt public
    • Enumerate SNMP info: snmpcheck -t <IP> -w
  • Via Metasploit (SMB) to grab users/groups/computer names: use auxiliary/scanner/smb/smb_lookupsid