Samba


Nmap discovered a Samba service on the target's ports 139 and 445. The running service is Samba smbd 4.10.4 (workgroup: SAMBA).

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/quackerJack]
└─$ nmap --script smb-enum-shares -sV -p139,445 $IP
Starting Nmap 7.95 ( https://nmap.org ) at 2025-04-03 06:20 CEST
Nmap scan report for 192.168.144.57
Host is up (0.021s latency).
 
PORT    STATE SERVICE     VERSION
139/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: SAMBA)
445/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: SAMBA)
Service Info: Host: QUACKERJACK
 
Host script results:
| smb-enum-shares:
|   account_used: <blank>
|   \\192.168.144.57\IPC$:
|     Type: STYPE_IPC_HIDDEN
|     Comment: IPC Service (Samba 4.10.4)
|     Users: 1
|     Max Users: <unlimited>
|     Path: C:\tmp
|     Anonymous access: READ/WRITE
|   \\192.168.144.57\print$:
|     Type: STYPE_DISKTREE
|     Comment: Printer Drivers
|     Users: 0
|     Max Users: <unlimited>
|     Path: C:\var\lib\samba\drivers
|_    Anonymous access: <none>
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 27.03 seconds

Share mapping complete

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/quackerJack]
└─$ nxc smb $IP -u '' -p '' --shares --interfaces
SMB         192.168.144.57  445    QUACKERJACK      [*] Unix - Samba (name:QUACKERJACK) (domain:) (signing:False) (SMBv1:True)
SMB         192.168.144.57  445    QUACKERJACK      [+] \:
SMB         192.168.144.57  445    QUACKERJACK      [*] Enumerated shares
SMB         192.168.144.57  445    QUACKERJACK      Share           Permissions     Remark
SMB         192.168.144.57  445    QUACKERJACK      -----           -----------     ------
SMB         192.168.144.57  445    QUACKERJACK      print$                          Printer Drivers
SMB         192.168.144.57  445    QUACKERJACK      IPC$                            IPC Service (Samba 4.10.4)

The target Samba server allows anonymous authentication; however, the anonymous user does not have read or write permissions on any enumerated shares. No immediately accessible files or directories were found.
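
The same conclusion can be derived mechanically from the nxc output above. This is an added example, not part of the original notes or of NetExec: a Python triage of the `--shares` output for a report or audit checklist. The helper names, the finding labels and the 16-character column padding are assumptions of this example.

```python
import re

# nxc prefixes every message with protocol, host, port and server name.
LINE = re.compile(r"^SMB\s+\S+\s+\d+\s+\S+\s+(.*)$")
BANNER = re.compile(r"\(signing:(\w+)\) \(SMBv1:(\w+)\)")

def nxc_line(msg):  # rebuild one output line with the prefix seen on this page
    return "SMB         192.168.144.57  445    QUACKERJACK      " + msg

def share_row(name, perms, remark):  # 16-char columns: assumption of this sample
    return nxc_line(f"{name:<16}{perms:<16}{remark}")

# The nxc output from this page, re-padded by the helpers above.
SAMPLE = "\n".join([
    nxc_line("[*] Unix - Samba (name:QUACKERJACK) (domain:) (signing:False) (SMBv1:True)"),
    nxc_line("[+] \\:"),
    nxc_line("[*] Enumerated shares"),
    share_row("Share", "Permissions", "Remark"),
    share_row("-----", "-----------", "------"),
    share_row("print$", "", "Printer Drivers"),
    share_row("IPC$", "", "IPC Service (Samba 4.10.4)"),
])

def triage(output, user=""):
    """Return (findings, {share: permissions}) for one host's nxc --shares run."""
    findings, shares, cols = [], {}, None
    for m in filter(None, map(LINE.match, output.splitlines())):
        msg = m.group(1)
        banner = BANNER.search(msg)
        if banner:
            if banner.group(1) == "False":
                findings.append("SMB signing not enforced")
            if banner.group(2) == "True":
                findings.append("SMBv1 enabled")
        elif msg.startswith("[+]") and user == "":
            findings.append("null session accepted")
        elif msg.startswith("Share") and "Permissions" in msg:
            # Slice by header offsets; a whitespace split reads "Printer" as a permission.
            cols = (msg.index("Permissions"), msg.index("Remark"))
        elif cols and not msg.startswith(("-", "[")):
            perm_at, remark_at = cols
            shares[msg[:perm_at].strip()] = msg[perm_at:remark_at].strip()
    open_shares = sorted(s for s, p in shares.items() if p)
    if "null session accepted" in findings:
        findings.append("anonymous access to: " + (", ".join(open_shares) or "no shares"))
    return findings, shares

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)[0]))
```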

┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/quackerJack]
└─$ enum4linux -a -r -o -n -A -U $IP
Starting enum4linux v0.9.1 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Thu Apr  3 06:25:14 2025
 
 =========================================( Target Information )=========================================
 
Target ........... 192.168.144.57
RID Range ........ 500-550,1000-1050
Username ......... ''
Password ......... ''
Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none
 
 
 ===========================( Enumerating Workgroup/Domain on 192.168.144.57 )===========================
 
 
[E] Can't find workgroup/domain
 
 
 
 ===============================( Nbtstat Information for 192.168.144.57 )===============================
 
Looking up status of 192.168.144.57
No reply from 192.168.144.57
 
 ==================================( Session Check on 192.168.144.57 )==================================
 
 
[+] Server 192.168.144.57 allows sessions using username '', password ''
 
 
 ===============================( Getting domain SID for 192.168.144.57 )===============================
 
Domain Name: SAMBA
Domain Sid: (NULL SID)
 
[+] Can't determine if host is part of domain or part of a workgroup
 
 
 ==================================( OS information on 192.168.144.57 )==================================
 
 
[E] Can't get OS info with smbclient
 
 
[+] Got OS info for 192.168.144.57 from srvinfo: 
	QUACKERJACK    Wk Sv PrQ Unx NT SNT Samba 4.10.4
	platform_id     :	500
	os version      :	6.1
	server type     :	0x809a03
 
 
 ======================================( Users on 192.168.144.57 )======================================
 
Use of uninitialized value $users in print at ./enum4linux.pl line 972.
Use of uninitialized value $users in pattern match (m//) at ./enum4linux.pl line 975.
 
Use of uninitialized value $users in print at ./enum4linux.pl line 986.
Use of uninitialized value $users in pattern match (m//) at ./enum4linux.pl line 988.
 
 ================================( Share Enumeration on 192.168.144.57 )================================
 
 
	Sharename       Type      Comment
	---------       ----      -------
	print$          Disk      Printer Drivers
	IPC$            IPC       IPC Service (Samba 4.10.4)
Reconnecting with SMB1 for workgroup listing.
 
	Server               Comment
	---------            -------
 
	Workgroup            Master
	---------            -------
	SAMBA                
 
[+] Attempting to map shares on 192.168.144.57
 
//192.168.144.57/print$	Mapping: DENIED Listing: N/A Writing: N/A
 
[E] Can't understand response:
 
NT_STATUS_OBJECT_NAME_NOT_FOUND listing \*
//192.168.144.57/IPC$	Mapping: N/A Listing: N/A Writing: N/A
 
 ===========================( Password Policy Information for 192.168.144.57 )===========================
 
 
 
[+] Attaching to 192.168.144.57 using a NULL share
 
[+] Trying protocol 139/SMB...
 
[+] Found domain(s):
 
	[+] QUACKERJACK
	[+] Builtin
 
[+] Password Info for Domain: QUACKERJACK
 
	[+] Minimum password length: 5
	[+] Password history length: None
	[+] Maximum password age: 37 days 6 hours 21 minutes 
	[+] Password Complexity Flags: 000000
 
		[+] Domain Refuse Password Change: 0
		[+] Domain Password Store Cleartext: 0
		[+] Domain Password Lockout Admins: 0
		[+] Domain Password No Clear Change: 0
		[+] Domain Password No Anon Change: 0
		[+] Domain Password Complex: 0
 
	[+] Minimum password age: None
	[+] Reset Account Lockout Counter: 30 minutes 
	[+] Locked Account Duration: 30 minutes 
	[+] Account Lockout Threshold: None
	[+] Forced Log off Time: 37 days 6 hours 21 minutes 
 
 
 
[+] Retieved partial password policy with rpcclient:
 
 
Password Complexity: Disabled
Minimum Password Length: 5
 
 
 ======================================( Groups on 192.168.144.57 )======================================
 
 
[+] Getting builtin groups:
 
 
[+]  Getting builtin group memberships:
 
 
[+]  Getting local groups:
 
 
[+]  Getting local group memberships:
 
 
[+]  Getting domain groups:
 
 
[+]  Getting domain group memberships:
 
 
 =================( Users on 192.168.144.57 via RID cycling (RIDS: 500-550,1000-1050) )=================
 
 
[I] Found new SID: 
S-1-22-1
 
[I] Found new SID: 
S-1-5-32
 
[I] Found new SID: 
S-1-5-32
 
[I] Found new SID: 
S-1-5-32
 
[I] Found new SID: 
S-1-5-32
 
[+] Enumerating users using SID S-1-5-21-358648085-943178687-145195208 and logon username '', password ''
 
S-1-5-21-358648085-943178687-145195208-501 QUACKERJACK\nobody (Local User)
S-1-5-21-358648085-943178687-145195208-513 QUACKERJACK\None (Domain Group)
 
[+] Enumerating users using SID S-1-22-1 and logon username '', password ''
 
 
[+] Enumerating users using SID S-1-5-32 and logon username '', password ''
 
S-1-5-32-544 BUILTIN\Administrators (Local Group)
S-1-5-32-545 BUILTIN\Users (Local Group)
S-1-5-32-546 BUILTIN\Guests (Local Group)
S-1-5-32-547 BUILTIN\Power Users (Local Group)
S-1-5-32-548 BUILTIN\Account Operators (Local Group)
S-1-5-32-549 BUILTIN\Server Operators (Local Group)
S-1-5-32-550 BUILTIN\Print Operators (Local Group)
 
 ==============================( Getting printer info for 192.168.144.57 )==============================
 
No printers returned.
 
 
enum4linux complete on Thu Apr  3 06:27:07 2025

N/A