Skip to content

SAMBA - SMB

runs all options apart from dictionary based share name guessing

enum4linux -a target-ip

list usernames

enum4linux -U x.x.x.x

list windows shares

enum4linux -S x.x.x.x

dictionary attack

enum4linux -s shares.txt target-ip

pull usernames from the default RID range (500-550,1000-1050)

enum4linux -r target-ip

pull usernames using a custom RID range

enum4linux -R 600-660 target-ip

view password policy

enum4linux -P x.x.x.x

view OS info

enum4linux -o x.x.x.x

list groups

enum4linux -G target-ip

if on domain, tried to get some LDAP info

enum4linux -l x.x.x.x

-i flag any Printer info

enum4linux -i x.x.x.x

NetBIOS info

enum4linux -n x.x.x.x

run all simple enumeration

enum4linux -a x.x.x.x

connect with user and password

enum4linux -u administrator -p password -U target-ip

verbose mode

enum4linux -v target-ip