Getting Started
SMB protocol
LDAP protocol
WINRM protocol
SSH protocol
Enumerate null sessions
Checking if Null Session is enabled on the network, can be very useful on a Domain Controller to enumerate users, groups, password policy etc
1
#~ cme smb 10.10.10.161 -u '' -p ''
2
#~ cme smb 10.10.10.161 --pass-pol
3
#~ cme smb 10.10.10.161 --users
4
#~ cme smb 10.10.10.161 --groups
Copied!
You can also reproduce this behavior with
smbclient or rpcclient1
smbclient -N -U "" -L \\10.10.10.161
Copied!
1
rpcclient -N -U "" -L \\10.10.10.161
2
rpcclient gt; enumdomusers
3
user:[bonclay] rid:[0x46e]
4
user:[zoro] rid:[0x46f]
5
β
Copied!
Example
Forest or Monteverde machines are good examples to test null session authentication with CrackMapExec
https://www.hackthebox.eu/home/machines/profile/212
www.hackthebox.eu
https://www.hackthebox.eu/home/machines/profile/223
www.hackthebox.eu
β
Last modified 11mo ago
Copy link
Contents
Example