- enum4linux -a IP
- smbclient -L //IP
- smbclient -L //192.168.1.2/myshare -U anonymous
- rpcclient -U "" 192.168.1.2 //null session: when asked, enter an empty password; if this connects, the server accepts anonymous RPC access
- rpcclient $>srvinfo
- rpcclient $>enumdomusers
- rpcclient $>querydominfo
- rpcclient $>getdompwinfo //password policy
- rpcclient $>netshareenum
- nmblookup -A 192.168.1.1
- nbtscan IP
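- nmap IP -p 139,445 --script smb-enum-domains.nse,smb-enum-groups.nse,smb-enum-processes.nse,smb-enum-sessions.nse,smb-enum-shares.nse,smb-enum-users.nse,smb-ls.nse,smb-mbenum.nse,smb-os-discovery.nse,smb-print-text.nse,smb-psexec.nse,smb-security-mode.nse,smb-server-stats.nse,smb-system-info.nse,smb-vuln-conficker.nse,smb-vuln-cve2009-3103.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-regsvc-dos.nse
  //note: the smb-enum-* and smb-os-discovery scripts only read information, but nmap categorises smb-print-text, smb-psexec and the smb-vuln-* checks as intrusive; several smb-vuln-* checks are also in the dos category and can crash a vulnerable service (smb-vuln-regsvc-dos crashes it if the host is vulnerable), so split them into a separate run rather than launching the whole list at once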