SMB
As can be seen from the Nmap scan result earlier, the null session authentication to the SMB server is possible via anonymous login
smbclient
┌──(kali㉿kali)-[~/archive/htb/labs/mantis]
└─$ smbclient -L //htb.local/
Password for [WORKGROUP\kali]:
Anonymous login successful
Sharename Type Comment
--------- ---- -------
Reconnecting with SMB1 for workgroup listing.
do_connect: Connection to htb.local failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
Unable to connect with SMB1 -- no workgroup available
Doing so allows me to connect to the SMB server However I am unable to list the shares, which is likely due to lack of privileges
There isn’t much that I can do here without credential for now
enum4linux
┌──(kali㉿kali)-[~/archive/htb/labs/mantis]
└─$ enum4linux -a -r -o -n -A -U $IP
starting enum4linux v0.9.1 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Tue Jan 10 15:48:23 2023
[...REDACTED...]
=================================( Getting domain SID for 10.10.10.52 )=================================
domain name: HTB
domain sid: S-1-5-21-4220043660-4019079961-2895681657
[+] Host is part of a domain (not a workgroup)
[...REDACTED...]
enum4linux complete on tue jan 10 15:48:48 2023enum4linux could not get much as I did not supply a valid credential, but I got the domain SID
S-1-5-21-4220043660-4019079961-2895681657