search
HomeWriteupsResourcesCheatsheets

Service Enumeration

hashtag
FTP - 21

LogoPage not found - HackTricksbook.hacktricks.xyzchevron-right

hashtag
Using hydra

Bruteforcing Credentials

hashtag
Telnet - 23

Logo23 - Pentesting Telnet - HackTricksbook.hacktricks.xyzchevron-right

hashtag
NetBios - 137, 138, 139

Logo137,138,139 - Pentesting NetBios - HackTricksbook.hacktricks.xyzchevron-right

hashtag
Ports

Port
Protocol
Service

137

UDP

NetBIOS Name Service (NBNS)

138

UDP

NetBIOS Datagram Service (NDS)

139

TCP

NetBIOS over TCP/IP (NBT)

hashtag
Using Nbtstat - Windows

Windows Command Line Utility

Check for local cache

hashtag
Using nmap

Logonbstat NSE script — Nmap Scripting Engine documentationnmap.orgchevron-right

  • -sV - Version Enumeration

  • -sU - UDP scan

hashtag
SMB - 139, 445

Server Message Block

LogoPage not found - HackTricksbook.hacktricks.xyzchevron-right
LogoPWK Notes: SMB Enumeration Checklist [Updated]0xdf hacks stuffchevron-right

hashtag
Methodology

Look out for

  • Network File Shares

  • Logged in User Details

  • Workgroups

  • Security Level Information

  • Domains and Services

hashtag
Ports

Port
Protocol
Service

137

UDP

NetBIOS Name Service (NBNS) by SMB

138

UDP

NetBIOS Datagram Service (NDS) by SMB

139

TCP

SMB in conjunction with NetBIOS over TCP/IP (NBT)

445

TCP

Primary Port

hashtag
Services Examples

  • netbios-ssn

  • microsoft-ds

hashtag
Using enum4linux

hashtag
Using nmap

hashtag
To List All Scripts for SMB

To list all scripts by Nmap for SMB enumeration

hashtag
OS Discovery

Logosmb-os-discovery NSE script — Nmap Scripting Engine documentationnmap.orgchevron-right

hashtag
Enumerating Shares

Logosmb-enum-shares NSE script — Nmap Scripting Engine documentationnmap.orgchevron-right

hashtag
Enumerating Users

Logosmb-enum-users NSE script — Nmap Scripting Engine documentationnmap.orgchevron-right

hashtag
Enumerating Groups

Logosmb-enum-groups NSE script — Nmap Scripting Engine documentationnmap.orgchevron-right

hashtag
Enumerating Services

Logosmb-enum-services NSE script — Nmap Scripting Engine documentationnmap.orgchevron-right

hashtag
Enumerating Security Level

hashtag
Exploitation

Unexpected error with integration github-files: Integration is not installed on this space

hashtag
Using smbclient

  • smbclient -L - List shares on a machine using NULL Session

  • smbclient -L <target_IP> -U username%password - List shares on a machine using a valid username + password

  • smbclient //<target>/<share$> -U username%password - Connect to a valid share with username + password

hashtag
RDP - 3389

Logo3389 - Pentesting RDP - HackTricksbook.hacktricks.xyzchevron-right

hashtag
Methodology

  1. Check for running services on the target and confirm if RDP is running on any open port.

  2. Use Metasploit to confirm the services running is RDP.

  3. Use hydra to brute force the login credentials.

  4. Use RDP tools to login into the victim's machine.

hashtag
Using Metasploit

hashtag
Confirming RDP

hashtag
Using Hydra

Bruteforcing login credentials

hashtag
Using xfreerdp

Creating RDP session with xfreerdp

hashtag
SNMP - 161, 162, 10161, 10162

LogoPage not found - HackTricksbook.hacktricks.xyzchevron-right

hashtag
Methodology

  1. Look out for default UDP ports used by SNMP: 161, 162, 10161, 10162.

  2. Identify the processes running on the target machine using nmap scripts.

  3. List valid community strings of the server using nmap scripts.

  4. List valid community strings of the server by using snmp_login Metasploit Module.

  5. List all the interfaces of the machine. Use appropriate nmap Script.

hashtag
Using snmp-check

hashtag
Using nmap

hashtag
Identifying Processes

Logosnmp-processes NSE script — Nmap Scripting Engine documentationnmap.orgchevron-right

hashtag
Identifying Interfaces

Logosnmp-interfaces NSE script — Nmap Scripting Engine documentationnmap.orgchevron-right

hashtag
Using Metasploit

hashtag
Identifying Valid Community Strings

PreviousNetwork Scanning and EnumerationNextSystem Hacking

Last updated