2 :139 :445 smb

$ nmap -p 139,445 --script=smb-enum-shares.nse,smb-enum-users.nse $ip

Host script results:
| smb-enum-shares:
|   account_used: <blank>
|   \\192.168.197.71\IPC$:
|     Type: STYPE_IPC_HIDDEN
|     Comment: IPC Service (Samba 4.7.6-Ubuntu)
|     Users: 1
|     Max Users: <unlimited>
|     Path: C:\tmp
|     Anonymous access: READ/WRITE
|   \\192.168.197.71\backups:
|     Type: STYPE_DISKTREE
|     Comment: Share for backups
|     Users: 0
|     Max Users: <unlimited>
|     Path: C:\opt\samba
|_    Anonymous access: READ/WRITE

$ smbmap -H $ip
[+] Guest session       IP: 192.168.197.71:445  Name: 192.168.197.71
        Disk                                                    Permissions     Comment
        ----                                                    -----------     -------
        backups                                                 READ ONLY       Share for backups
        IPC$                                                    NO ACCESS       IPC Service (Samba 4.7.6-Ubuntu)

$ smbclient //192.168.197.71/backups
Enter WORKGROUP\kashz's password:
Anonymous login successful
Try "help" to get a list of possible commands.
smb: \> dir
  .                                   D        0  Mon Jul  6 00:46:41 2020
  ..                                  D        0  Mon Jul  6 00:46:41 2020
  passwd.bak                          N     1747  Mon Jul  6 00:46:41 2020

# its /etc/passwd file
$ cat passwd.bak
root:x:0:0:root:/root:/bin/bash
[truncated]
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
neil:x:1000:1000:neil,,,:/home/neil:/bin/bash
postgres:x:111:116:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash

# enum4linux
[+] Got OS info for 192.168.197.71 from srvinfo:
        BRATARINA      Wk Sv PrQ Unx NT SNT Samba 4.7.6-Ubuntu
        platform_id     :       500
        os version      :       6.1
        server type     :       0x809a03
		
[+] Enumerating users using SID S-1-22-1 and logon username '', password ''
S-1-22-1-1000 Unix User\neil (Local User)