Re: Samba hacking ?
From: David Cravshaw (david.cravshaw_at_gmail.com)
Date: 04/06/05
- Previous message: Daniel: "Re: Apple pentesting"
- In reply to: Jon Hart: "Re: Samba hacking ?"
- Next in thread: T: "Re: Samba hacking ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 5 Apr 2005 23:41:06 -0500 To: pen-test@securityfocus.com
Note that to do an "anonymous" enumeration of shares, you will have to
specify an information level of 1, i.e.
rpcclient -c "netshareenum 1" -U % <ip_or_hostname>
By default, rpcclient attempts to enumerate shares at a higher privilege level.
This was on debian with smbclient 3.0.10-1
On Apr 4, 2005 10:10 AM, Jon Hart <warchild@spoofed.org> wrote:
> On Fri, Apr 01, 2005 at 01:12:10PM +0200, Frederic Charpentier wrote:
> > Hi Bones,
> > Concerning samba enumeration, you can use samba-tng to get more than
> > share names.
> >
> > (with $rpc = samba-tng's smbclient, maybe it works with normal samba now)
>
> rpcclient (at least as provided with Debian's smbclient package) is
> quite useful.
>
> `rpcclient -c help -N $ip` will give you a list of all the commands.
> Definitely check out the commands listed under the SRVSVC and SAMR
> sections.
>
> -jon
>
- Previous message: Daniel: "Re: Apple pentesting"
- In reply to: Jon Hart: "Re: Samba hacking ?"
- Next in thread: T: "Re: Samba hacking ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
