Service Enumeration
Bruteforcing Credentials
Port | Protocol | Service |
---|---|---|
137 | UDP | NetBIOS Name Service (NBNS) |
138 | UDP | NetBIOS Datagram Service (NDS) |
139 | TCP | NetBIOS over TCP/IP (NBT) |
Windows Command Line Utility
Check for local cache
-sV - Version Enumeration
-sU - UDP scan
Server Message Block
Look out for
Network File Shares
Logged in User Details
Workgroups
Security Level Information
Domains and Services
Port | Protocol | Service |
---|---|---|
137 | UDP | NetBIOS Name Service (NBNS) by SMB |
138 | UDP | NetBIOS Datagram Service (NDS) by SMB |
139 | TCP | SMB in conjunction with NetBIOS over TCP/IP (NBT) |
445 | TCP | Primary Port |
netbios-ssn
microsoft-ds
To list all scripts by Nmap for SMB enumeration
smbclient -L - List shares on a machine using NULL Session
smbclient -L <target_IP> -U username%password - List shares on a machine using a valid username + password
smbclient //<target>/<share$> -U username%password - Connect to a valid share with username + password
Check for running services on the target and confirm if RDP is running on any open port.
Use Metasploit to confirm that the running service is RDP.
Use Hydra to brute-force the login credentials.
Use RDP tools to log in to the victim's machine.
Bruteforcing login credentials
Creating RDP session with xfreerdp
Look out for default UDP ports used by SNMP: 161, 162, 10161, 10162.
Identify the processes running on the target machine using Nmap scripts.
List valid community strings of the server using Nmap scripts.
List valid community strings of the server using the snmp_login Metasploit module.
List all the interfaces of the machine using the appropriate Nmap script.