Penetration Testing: Re: Samba hacking ?

[David Cravshaw <david.cravshaw () gmail com>]

Note that to do an "anonymous" enumeration of shares, you will have to
specify an information level of 1, i.e.

rpcclient -c "netshareenum 1" -U % <ip_or_hostname>

By default, rpcclient attempts to enumerate shares at a higher privilege level.

This was on debian with smbclient 3.0.10-1

On Apr 4, 2005 10:10 AM, Jon Hart <warchild () spoofed org> wrote:
> On Fri, Apr 01, 2005 at 01:12:10PM +0200, Frederic Charpentier wrote:
> > Hi Bones,
> > Concerning samba enumeration, you can use samba-tng to get more than
> > share names.
> >
> > (with $rpc = samba-tng's smbclient, maybe it works with normal samba now)
> rpcclient (at least as provided with Debian's smbclient package) is
> quite useful.
>
> `rpcclient -c help -N $ip` will give you a list of all the commands.
> Definitely check out the commands listed under the SRVSVC and SAMR
> sections.
>
> -jon