-
-
Save wlayzz/4d5f74d4e9c19c7f049890759a7909a0 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ENUM4LINUX - next generation | |
========================== | |
| Target Information | | |
========================== | |
[*] Target ........... 10.10.10.192 | |
[*] Username ......... '' | |
[*] Random Username .. 'divqrsbe' | |
[*] Password ......... '' | |
[*] Timeout .......... 5 second(s) | |
==================================== | |
| Service Scan on 10.10.10.192 | | |
==================================== | |
[*] Checking LDAP | |
[+] LDAP is accessible on 389/tcp | |
[*] Checking LDAPS | |
[-] Could not connect to LDAPS on 636/tcp: timed out | |
[*] Checking SMB | |
[+] SMB is accessible on 445/tcp | |
[*] Checking SMB over NetBIOS | |
[-] Could not connect to SMB over NetBIOS on 139/tcp: timed out | |
==================================================== | |
| Domain Information via LDAP for 10.10.10.192 | | |
==================================================== | |
[*] Trying LDAP | |
[+] Appears to be root/parent DC | |
[+] Long domain name is: BLACKFIELD.local | |
==================================================== | |
| NetBIOS Names and Workgroup for 10.10.10.192 | | |
==================================================== | |
[-] Could not get NetBIOS names information via 'nmblookup': timed out | |
========================================= | |
| SMB Dialect Check on 10.10.10.192 | | |
========================================= | |
[*] Trying on 445/tcp | |
[+] Supported dialects and settings: | |
SMB 1.0: false | |
SMB 2.02: true | |
SMB 2.1: true | |
SMB 3.0: true | |
SMB1 only: false | |
Preferred dialect: SMB 3.0 | |
SMB signing required: true | |
========================================= | |
| RPC Session Check on 10.10.10.192 | | |
========================================= | |
[*] Check for null session | |
[+] Server allows session using username '', password '' | |
[*] Check for random user session | |
[+] Server allows session using username 'divqrsbe', password '' | |
[H] Rerunning enumeration with user 'divqrsbe' might give more results | |
=================================================== | |
| Domain Information via RPC for 10.10.10.192 | | |
=================================================== | |
[+] Domain: BLACKFIELD | |
[+] SID: S-1-5-21-4194615774-2175524697-3563712290 | |
[+] Host is part of a domain (not a workgroup) | |
=========================================================== | |
| Domain Information via SMB session for 10.10.10.192 | | |
=========================================================== | |
[*] Enumerating via unauthenticated SMB session on 445/tcp | |
[+] Found domain information via SMB | |
NetBIOS computer name: DC01 | |
NetBIOS domain name: BLACKFIELD | |
DNS domain: BLACKFIELD.local | |
FQDN: DC01.BLACKFIELD.local | |
=============================================== | |
| OS Information via RPC for 10.10.10.192 | | |
=============================================== | |
[*] Enumerating via unauthenticated SMB session on 445/tcp | |
[+] Found OS information via SMB | |
[*] Enumerating via 'srvinfo' | |
[-] Could not get OS info via 'srvinfo': STATUS_ACCESS_DENIED | |
[+] After merging OS information we have the following result: | |
OS: Windows 10, Windows Server 2019, Windows Server 2016 | |
OS version: '10.0' | |
OS release: '1809' | |
OS build: '17763' | |
Native OS: not supported | |
Native LAN manager: not supported | |
Platform id: null | |
Server type: null | |
Server type string: null | |
===================================== | |
| Users via RPC on 10.10.10.192 | | |
===================================== | |
[*] Enumerating users via 'querydispinfo' | |
[-] Could not find users via 'querydispinfo': STATUS_ACCESS_DENIED | |
[*] Enumerating users via 'enumdomusers' | |
[-] Could not find users via 'enumdomusers': STATUS_ACCESS_DENIED | |
====================================== | |
| Groups via RPC on 10.10.10.192 | | |
====================================== | |
[*] Enumerating local groups | |
[-] Could not get groups via 'enumalsgroups domain': STATUS_ACCESS_DENIED | |
[*] Enumerating builtin groups | |
[-] Could not get groups via 'enumalsgroups builtin': STATUS_ACCESS_DENIED | |
[*] Enumerating domain groups | |
[-] Could not get groups via 'enumdomgroups': STATUS_ACCESS_DENIED | |
====================================== | |
| Shares via RPC on 10.10.10.192 | | |
====================================== | |
[*] Enumerating shares | |
[+] Found 0 share(s) for user '' with password '', try a different user | |
========================================= | |
| Policies via RPC for 10.10.10.192 | | |
========================================= | |
[*] Trying port 445/tcp | |
[-] SMB connection error on port 445/tcp: STATUS_ACCESS_DENIED | |
========================================= | |
| Printers via RPC for 10.10.10.192 | | |
========================================= | |
[-] Could not get printer info via 'enumprinters': STATUS_ACCESS_DENIED | |
Completed after 27.93 seconds |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment