Nmap Development mailing list archives

Help with smb-enum-users.nse


From: Abuse 007 <abuse007 () gmail com>
Date: Thu, 30 Aug 2012 14:08:26 +1000

Hi All,

With smb-enum-users.nse I get 20 entries via SAMR against a Windows 2008 R2 host that's a DC. If I increase the SAMR 
count I can get up to 100 entries. If I modify the script so that it loops regardless of the return code (which is 0), 
the reply to the second querydisplayinfo request does not contain any additional entries.

I'm confused by this behaviour. I thought Windows would be an all or nothing type thing.

A different tool, winfo.exe, is able to enumerate a little over 500 accounts. I'm not sure of its exact technique.

Should the SAMR technique be able to enumerate more users?

Also, the smb-enum-users.nse LSA RID bruteforcing method fails. This is possibly because no authentication credentials 
have been supplied.

Thanks,
Ab
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

