Penetration Testing mailing list archives

Re: [PEN-TEST] Windows NT/2000 Enumerators for Linux/UNIX


From: Vanja Hrustic <vanja () RELAYGROUP COM>
Date: Sun, 25 Mar 2001 00:40:34 +0700

On Fri, Mar 23, 2001 at 02:39:12PM -0500, Rick Redman wrote:
> Does any one know of any good Windows NT/2000 Enumerators for UNIX/Linux?

'rpcclient' from Samba TNG can help you obtain huge amounts of information about a remote NT box (user/share/service enumeration, etc.)

For example:

[root@x rpcclient]# ./rpcclient -S victim -c 'dispinfo' -U "" | grep "Account Name:"
        Account Name:   Administrator
        Account Name:   Backup
        Account Name:   Guest
        Account Name:   IUSR_TOWER
        Account Name:   IWAM_TOWER
        Account Name:   Operator
        Account Name:   test user
        Account Name:   User1
        Account Name:   vanja
        Account Name:   vptest
[root@x rpcclient]#

It looks like:

[root@x rpcclient]# ./rpcclient -S victim -U ""
added interface ip=xxx.xxx.xxx.xxx bcast=xxx.xxx.xxx.xxx nmask=xxx.xxx.xxx.xxx
Server: \\VICTIM:        User:           Domain:
Connection:     OK
[VICTIM]$ help
help
lsaquery       lsaenumdomains lookupsids     lookupnames    createsecret
setsecret      querysecretsecobjquerysecret    enumprivs      privinfo
lsaenumsids    time           brsinfo        wksinfo        srvinfo
srvsessions    srvshares      srvshareinfo   srvsharedel    srvtransports
srvconnections srvfiles       eventlog       lookupdomain   samlookuprids
samlookupnames enumusers      addgroupmem    addaliasmem    delgroupmem
delaliasmem    creategroup    createalias    createuser     deluser
delgroup       delalias       ntpass         samquerysec    samuserset2
samuserset     samuser        samgroup       samalias       samaliasmem
samgroupmem    samtest        enumaliases    enumdomains    enumgroups
dominfo        dispinfo       svcenum        svcinfo        svcstart
svcset         svcstop        svcunk3        svcgetsec      regenum
regdeletekey   regcreatekey   shutdown       abortshutdown  regqueryval
regquerykey    regdeleteval   regcreateval   reggetsec      regtestsec
ntlogin        domlist        domtrust       samsync        at
spoolenum      spoolenumdatas spooljobs      spoolopen      spoolgetdata
spoolgetprinterspoolenumprinterdriversspoolgetprinterdriverspoolgetprinterdriverdirdfsenum
dfsadd         dfsremove      set            use            quit
q              exit           bye            help           ?
[VICTIM]$

The version I'm using is pretty old (TNG was not 'forked' at that time) - I presume newer releases have more features and/or are more stable.

Hope this is what you're looking for.

Vanja
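The 'dispinfo' listing above is the kind of output an administrator would capture when auditing their own hosts for anonymous (null session) account enumeration. The following is an added illustration, not part of the original post and not code from the Samba/rpcclient project: it parses the "Account Name:" lines into a list, separates well-known NT built-in and IIS service accounts from user-created ones, and reports whether the anonymous query returned anything at all. The sample text is constructed to mirror the post's output; the script never contacts a host.

```python
"""Parse rpcclient 'dispinfo' output into a structured account list.

Added illustration, not part of the original mailing-list post or of the
Samba/rpcclient project. SAMPLE_OUTPUT is constructed to mirror the
'Account Name:' lines quoted in the post; nothing here talks to a host.
"""
import re

# Constructed sample, shaped like the grep'd dispinfo output in the post.
SAMPLE_OUTPUT = """\
        Account Name:   Administrator
        Account Name:   Backup
        Account Name:   Guest
        Account Name:   IUSR_TOWER
        Account Name:   IWAM_TOWER
        Account Name:   Operator
        Account Name:   test user
        Account Name:   User1
        Account Name:   vanja
        Account Name:   vptest
"""

# Matches one dispinfo line; the name may contain spaces ("test user").
ACCOUNT_RE = re.compile(r"^\s*Account Name:\s*(.+?)\s*$")

# Well-known NT built-in accounts, plus the IIS anonymous/out-of-process
# accounts that are created as IUSR_<machine> and IWAM_<machine>.
BUILTIN_EXACT = {"Administrator", "Guest"}
BUILTIN_PREFIXES = ("IUSR_", "IWAM_")


def parse_accounts(text):
    """Return the account names in output order, preserving embedded spaces."""
    names = []
    for line in text.splitlines():
        m = ACCOUNT_RE.match(line)
        if m:
            names.append(m.group(1))
    return names


def classify(names):
    """Split names into (built-in/service accounts, user-created accounts)."""
    builtin, custom = [], []
    for n in names:
        if n in BUILTIN_EXACT or n.startswith(BUILTIN_PREFIXES):
            builtin.append(n)
        else:
            custom.append(n)
    return builtin, custom


def null_session_exposed(text):
    """True when an anonymous dispinfo returned any accounts, i.e. the host
    lets an unauthenticated RPC session read its account database."""
    return len(parse_accounts(text)) > 0


if __name__ == "__main__":
    accts = parse_accounts(SAMPLE_OUTPUT)
    builtin, custom = classify(accts)
    print("anonymous enumeration exposed:", null_session_exposed(SAMPLE_OUTPUT))
    print("built-in/service accounts:", builtin)
    print("user-created accounts:", custom)
```

Feed it the saved output of the grep'd rpcclient command from the post (for example via SAMPLE_OUTPUT replaced with the file contents). A non-empty result from an anonymous ("-U \"\"") session is itself the finding: the host is handing its account list to unauthenticated callers. The IUSR_/IWAM_ entries additionally leak the machine name (TOWER here) because IIS derives them from it.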

