SMB Enumeration Options
The SMB protocol exposes many options and features for enumerating domain components such as users, groups, computers, disks, logged-on users, etc. The documentation is fairly explicit about the options we can use: see here. Most of these options require administrative account credentials for complete information, but we can try to enumerate the targets with or without a privileged account.
| Flags | Description | Notes |
|---|---|---|
| | Users logged on to the target machine | |
| | Users whose credentials are used on the target machine, even if not logged on at the present moment | |
| | Enumerate disks | |
| | Enumerate computers | |
| | Issue the specified WMI query | Usually requires a privileged account, but not always. |
| | WMI namespace | Default namespace root\cimv2 |
| | Perform RID brute force to find domain objects | By default, enumerates up to RID 4000. We can specify |
| | Enumerate local groups | Only works against the DC, and we cannot specify a group |
| | Enumerate shared folders and permissions | |
| | Enumerate domain users | |
| | Enumerate domain groups | We can specify a |
| | Enumerate the domain password policy | |