- Enumerating usernames: -
- from a domain pc: - net users /domain
- nmap -p445 --script=smb-enum-users <IP> >users.txt
- Enumerating via snmp: -
- create a list of ip addresses: - for i in `seq 1 255`;do echo 192.168.1.$i;done >ips.txt
- find vulnerable servers: - onesixtyone -i ips.txt public
- enumerate snmp info: - snmpcheck -t <IP> -w
- Via Metasploit to grab users/groups/computernames: - use auxillary/scanner/smb/smb_lookupsid
- Via Finger: - for i in $(cat unix_users.txt);do finger $i@192.168.1.10;done |grep Login
- Via Outlook Web Access: - Perl script by the guys at foofus.net
