3 :139 :445 smb
$ nmap -p 139,445 --script=smb-enum-shares.nse,smb-enum-users.nse $ip
Starting Nmap 7.91 ( https://nmap.org ) at 2021-09-04 11:27 PDT
Nmap scan report for 192.168.144.58
Host is up (0.072s latency).
PORT STATE SERVICE
139/tcp open netbios-ssn
445/tcp open microsoft-ds
Host script results:
| smb-enum-shares:
| account_used: <blank>
| \\192.168.144.58\IPC$:
| Type: STYPE_IPC_HIDDEN
| Comment: IPC Service (Samba 4.10.4)
| Users: 1
| Max Users: <unlimited>
| Path: C:\tmp
| Anonymous access: READ/WRITE
| \\192.168.144.58\print$:
| Type: STYPE_DISKTREE
| Comment: Printer Drivers
| Users: 0
| Max Users: <unlimited>
| Path: C:\var\lib\samba\drivers
|_ Anonymous access: <none>
Nmap done: 1 IP address (1 host up) scanned in 22.39 seconds
$ smbmap -H $ip
[+] IP: 192.168.144.58:445 Name: 192.168.144.58
Disk Permissions Comment
---- ----------- -------
print$ NO ACCESS Printer Drivers
IPC$ NO ACCESS IPC Service (Samba 4.10.4)
# enum4linux
[+] Got OS info for 192.168.144.58 from srvinfo:
SNOOKUMS Wk Sv PrQ Unx NT SNT Samba 4.10.4
platform_id : 500
os version : 6.1
server type : 0x809a03
[+] Enumerating users using SID S-1-22-1 and logon username '', password ''
S-1-22-1-1000 Unix User\michael (Local User)Last updated