Service Enumeration
Bruteforcing Credentials
Windows Command Line Utility
Check for local cache
- `-sV`: Version Enumeration
- `-sU`: UDP scan
Server Message Block
Look out for:
- Network File Shares
- Logged in User Details
- Workgroups
- Security Level Information
- Domains and Services
netbios-ssn
microsoft-ds
To list all Nmap scripts for SMB enumeration
- `smbclient -L`: List shares on a machine using a NULL session
- `smbclient -L <target_IP> -U username%password`: List shares on a machine using a valid username + password
- `smbclient //<target>/<share$> -U username%password`: Connect to a valid share with username + password
1. Check for running services on the target and confirm whether RDP is running on any open port.
2. Use Metasploit to confirm that the running service is RDP.
3. Use hydra to brute force the login credentials.
4. Use RDP tools to log in to the victim's machine.
Bruteforcing login credentials
Creating RDP session with xfreerdp
Look out for default UDP ports used by SNMP: 161, 162, 10161, 10162.
Identify the processes running on the target machine using nmap scripts.
List valid community strings of the server using nmap scripts.
List valid community strings of the server by using snmp_login Metasploit Module.
List all the interfaces of the machine using the appropriate nmap script.
Port | Protocol | Service |
---|---|---|
137 | UDP | NetBIOS Name Service (NBNS) |
138 | UDP | NetBIOS Datagram Service (NDS) |
139 | TCP | NetBIOS over TCP/IP (NBT) |

Port | Protocol | Service |
---|---|---|
137 | UDP | NetBIOS Name Service (NBNS) by SMB |
138 | UDP | NetBIOS Datagram Service (NDS) by SMB |
139 | TCP | SMB in conjunction with NetBIOS over TCP/IP (NBT) |
445 | TCP | Primary Port |