adot@kali:~/htb/Machines/Cascade$ enum4linux 10.10.10.182
Starting enum4linux v0.9.1 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Mon Apr 8 14:49:46 2024
=========================================( Target Information )=========================================
Target ........... 10.10.10.182
RID Range ........ 500-550,1000-1050
Username ......... ''
Password ......... ''
Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none
============================( Enumerating Workgroup/Domain on 10.10.10.182 )============================
[E] Can't find workgroup/domain
================================( Nbtstat Information for 10.10.10.182 )================================
Looking up status of 10.10.10.182
No reply from 10.10.10.182
===================================( Session Check on 10.10.10.182 )===================================
[+] Server 10.10.10.182 allows sessions using username '', password ''
================================( Getting domain SID for 10.10.10.182 )================================
Domain Name: CASCADE
Domain Sid: S-1-5-21-3332504370-1206983947-1165150453
[+] Host is part of a domain (not a workgroup)
===================================( OS information on 10.10.10.182 )===================================
[E] Can't get OS info with smbclient
[+] Got OS info for 10.10.10.182 from srvinfo:
do_cmd: Could not initialise srvsvc. Error was NT_STATUS_ACCESS_DENIED
=======================================( Users on 10.10.10.182 )=======================================
index: 0xee0 RID: 0x464 acb: 0x00000214 Account: a.turnbull Name: Adrian Turnbull Desc: (null)
index: 0xebc RID: 0x452 acb: 0x00000210 Account: arksvc Name: ArkSvc Desc: (null)
index: 0xee4 RID: 0x468 acb: 0x00000211 Account: b.hanson Name: Ben Hanson Desc: (null)
index: 0xee7 RID: 0x46a acb: 0x00000210 Account: BackupSvc Name: BackupSvc Desc: (null)
index: 0xdeb RID: 0x1f5 acb: 0x00000215 Account: CascGuest Name: (null) Desc: Built-in account for guest access to the computer/domain
index: 0xee5 RID: 0x469 acb: 0x00000210 Account: d.burman Name: David Burman Desc: (null)
index: 0xee3 RID: 0x467 acb: 0x00000211 Account: e.crowe Name: Edward Crowe Desc: (null)
index: 0xeec RID: 0x46f acb: 0x00000211 Account: i.croft Name: Ian Croft Desc: (null)
index: 0xeeb RID: 0x46e acb: 0x00000210 Account: j.allen Name: Joseph Allen Desc: (null)
index: 0xede RID: 0x462 acb: 0x00000210 Account: j.goodhand Name: John Goodhand Desc: (null)
index: 0xed7 RID: 0x45c acb: 0x00000210 Account: j.wakefield Name: James Wakefield Desc: (null)
index: 0xeca RID: 0x455 acb: 0x00000210 Account: r.thompson Name: Ryan Thompson Desc: (null)
index: 0xedd RID: 0x461 acb: 0x00000210 Account: s.hickson Name: Stephanie Hickson Desc: (null)
index: 0xebd RID: 0x453 acb: 0x00000210 Account: s.smith Name: Steve Smith Desc: (null)
index: 0xed2 RID: 0x457 acb: 0x00000210 Account: util Name: Util Desc: (null)
user:[CascGuest] rid:[0x1f5]
user:[arksvc] rid:[0x452]
user:[s.smith] rid:[0x453]
user:[r.thompson] rid:[0x455]
user:[util] rid:[0x457]
user:[j.wakefield] rid:[0x45c]
user:[s.hickson] rid:[0x461]
user:[j.goodhand] rid:[0x462]
user:[a.turnbull] rid:[0x464]
user:[e.crowe] rid:[0x467]
user:[b.hanson] rid:[0x468]
user:[d.burman] rid:[0x469]
user:[BackupSvc] rid:[0x46a]
user:[j.allen] rid:[0x46e]
user:[i.croft] rid:[0x46f]
=================================( Share Enumeration on 10.10.10.182 )=================================
do_connect: Connection to 10.10.10.182 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
Sharename Type Comment
--------- ---- -------
Reconnecting with SMB1 for workgroup listing.
Unable to connect with SMB1 -- no workgroup available
[+] Attempting to map shares on 10.10.10.182
============================( Password Policy Information for 10.10.10.182 )============================
[+] Attaching to 10.10.10.182 using a NULL share
[+] Trying protocol 139/SMB...
[!] Protocol failed: Cannot request session (Called Name:10.10.10.182)
[+] Trying protocol 445/SMB...
[+] Found domain(s):
[+] CASCADE
[+] Builtin
[+] Password Info for Domain: CASCADE
[+] Minimum password length: 5
[+] Password history length: None
[+] Maximum password age: Not Set
[+] Password Complexity Flags: 000000
[+] Domain Refuse Password Change: 0
[+] Domain Password Store Cleartext: 0
[+] Domain Password Lockout Admins: 0
[+] Domain Password No Clear Change: 0
[+] Domain Password No Anon Change: 0
[+] Domain Password Complex: 0
[+] Minimum password age: None
[+] Reset Account Lockout Counter: 30 minutes
[+] Locked Account Duration: 30 minutes
[+] Account Lockout Threshold: None
[+] Forced Log off Time: Not Set
[+] Retieved partial password policy with rpcclient:
Password Complexity: Disabled
Minimum Password Length: 5
=======================================( Groups on 10.10.10.182 )=======================================
[+] Getting builtin groups:
group:[Pre-Windows 2000 Compatible Access] rid:[0x22a]
group:[Incoming Forest Trust Builders] rid:[0x22d]
group:[Windows Authorization Access Group] rid:[0x230]
group:[Terminal Server License Servers] rid:[0x231]
group:[Users] rid:[0x221]
group:[Guests] rid:[0x222]
group:[Remote Desktop Users] rid:[0x22b]
group:[Network Configuration Operators] rid:[0x22c]
group:[Performance Monitor Users] rid:[0x22e]
group:[Performance Log Users] rid:[0x22f]
group:[Distributed COM Users] rid:[0x232]
group:[IIS_IUSRS] rid:[0x238]
group:[Cryptographic Operators] rid:[0x239]
group:[Event Log Readers] rid:[0x23d]
group:[Certificate Service DCOM Access] rid:[0x23e]
[+] Getting builtin group memberships:
Group: Windows Authorization Access Group' (RID: 560) has member: NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
Group: Users' (RID: 545) has member: NT AUTHORITY\INTERACTIVE
Group: Users' (RID: 545) has member: NT AUTHORITY\Authenticated Users
Group: Users' (RID: 545) has member: CASCADE\Domain Users
Group: Guests' (RID: 546) has member: CASCADE\CascGuest
Group: Guests' (RID: 546) has member: CASCADE\Domain Guests
Group: Pre-Windows 2000 Compatible Access' (RID: 554) has member: NT AUTHORITY\Authenticated Users
[+] Getting local groups:
group:[Cert Publishers] rid:[0x205]
group:[RAS and IAS Servers] rid:[0x229]
group:[Allowed RODC Password Replication Group] rid:[0x23b]
group:[Denied RODC Password Replication Group] rid:[0x23c]
group:[DnsAdmins] rid:[0x44e]
group:[IT] rid:[0x459]
group:[Production] rid:[0x45a]
group:[HR] rid:[0x45b]
group:[AD Recycle Bin] rid:[0x45f]
group:[Backup] rid:[0x460]
group:[Temps] rid:[0x463]
group:[WinRMRemoteWMIUsers__] rid:[0x465]
group:[Remote Management Users] rid:[0x466]
group:[Factory] rid:[0x46c]
group:[Finance] rid:[0x46d]
group:[Audit Share] rid:[0x471]
group:[Data Share] rid:[0x472]
[+] Getting local group memberships:
Group: Denied RODC Password Replication Group' (RID: 572) has member: CASCADE\krbtgt
Group: Denied RODC Password Replication Group' (RID: 572) has member: CASCADE\Domain Controllers
Group: Denied RODC Password Replication Group' (RID: 572) has member: CASCADE\Schema Admins
Group: Denied RODC Password Replication Group' (RID: 572) has member: CASCADE\Enterprise Admins
Group: Denied RODC Password Replication Group' (RID: 572) has member: CASCADE\Cert Publishers
Group: Denied RODC Password Replication Group' (RID: 572) has member: CASCADE\Domain Admins
Group: Denied RODC Password Replication Group' (RID: 572) has member: CASCADE\Group Policy Creator Owners
Group: Denied RODC Password Replication Group' (RID: 572) has member: CASCADE\Read-only Domain Controllers
Group: HR' (RID: 1115) has member: CASCADE\s.hickson
Group: Remote Management Users' (RID: 1126) has member: CASCADE\arksvc
Group: Remote Management Users' (RID: 1126) has member: CASCADE\s.smith
Group: AD Recycle Bin' (RID: 1119) has member: CASCADE\arksvc
Group: IT' (RID: 1113) has member: CASCADE\arksvc
Group: IT' (RID: 1113) has member: CASCADE\s.smith
Group: IT' (RID: 1113) has member: CASCADE\r.thompson
Group: Audit Share' (RID: 1137) has member: CASCADE\s.smith
Group: Data Share' (RID: 1138) has member: CASCADE\Domain Users
[+] Getting domain groups:
group:[Enterprise Read-only Domain Controllers] rid:[0x1f2]
group:[Domain Users] rid:[0x201]
group:[Domain Guests] rid:[0x202]
group:[Domain Computers] rid:[0x203]
group:[Group Policy Creator Owners] rid:[0x208]
group:[DnsUpdateProxy] rid:[0x44f]
[+] Getting domain group memberships:
Group: 'Domain Guests' (RID: 514) has member: CASCADE\CascGuest
Group: 'Domain Users' (RID: 513) has member: CASCADE\administrator
Group: 'Domain Users' (RID: 513) has member: CASCADE\krbtgt
Group: 'Domain Users' (RID: 513) has member: CASCADE\arksvc
Group: 'Domain Users' (RID: 513) has member: CASCADE\s.smith
Group: 'Domain Users' (RID: 513) has member: CASCADE\r.thompson
Group: 'Domain Users' (RID: 513) has member: CASCADE\util
Group: 'Domain Users' (RID: 513) has member: CASCADE\j.wakefield
Group: 'Domain Users' (RID: 513) has member: CASCADE\s.hickson
Group: 'Domain Users' (RID: 513) has member: CASCADE\j.goodhand
Group: 'Domain Users' (RID: 513) has member: CASCADE\a.turnbull
Group: 'Domain Users' (RID: 513) has member: CASCADE\e.crowe
Group: 'Domain Users' (RID: 513) has member: CASCADE\b.hanson
Group: 'Domain Users' (RID: 513) has member: CASCADE\d.burman
Group: 'Domain Users' (RID: 513) has member: CASCADE\BackupSvc
Group: 'Domain Users' (RID: 513) has member: CASCADE\j.allen
Group: 'Domain Users' (RID: 513) has member: CASCADE\i.croft
Group: 'Group Policy Creator Owners' (RID: 520) has member: CASCADE\administrator
==================( Users on 10.10.10.182 via RID cycling (RIDS: 500-550,1000-1050) )==================
[I] Found new SID:
S-1-5-21-3332504370-1206983947-1165150453
[I] Found new SID:
S-1-5-21-2189247330-517467924-712900258
[+] Enumerating users using SID S-1-5-21-3332504370-1206983947-1165150453 and logon username '', password ''
S-1-5-21-3332504370-1206983947-1165150453-500 CASCADE\administrator (Local User)
S-1-5-21-3332504370-1206983947-1165150453-501 CASCADE\CascGuest (Local User)
S-1-5-21-3332504370-1206983947-1165150453-502 CASCADE\krbtgt (Local User)
S-1-5-21-3332504370-1206983947-1165150453-512 CASCADE\Domain Admins (Domain Group)
S-1-5-21-3332504370-1206983947-1165150453-513 CASCADE\Domain Users (Domain Group)
S-1-5-21-3332504370-1206983947-1165150453-514 CASCADE\Domain Guests (Domain Group)
S-1-5-21-3332504370-1206983947-1165150453-515 CASCADE\Domain Computers (Domain Group)
S-1-5-21-3332504370-1206983947-1165150453-516 CASCADE\Domain Controllers (Domain Group)
S-1-5-21-3332504370-1206983947-1165150453-517 CASCADE\Cert Publishers (Local Group)
S-1-5-21-3332504370-1206983947-1165150453-518 CASCADE\Schema Admins (Domain Group)
S-1-5-21-3332504370-1206983947-1165150453-519 CASCADE\Enterprise Admins (Domain Group)
S-1-5-21-3332504370-1206983947-1165150453-520 CASCADE\Group Policy Creator Owners (Domain Group)
S-1-5-21-3332504370-1206983947-1165150453-521 CASCADE\Read-only Domain Controllers (Domain Group)
S-1-5-21-3332504370-1206983947-1165150453-1001 CASCADE\CASC-DC1$ (Local User)
[+] Enumerating users using SID S-1-5-21-2189247330-517467924-712900258 and logon username '', password ''
S-1-5-21-2189247330-517467924-712900258-500 CASC-DC1\Administrator (Local User)
S-1-5-21-2189247330-517467924-712900258-501 CASC-DC1\Guest (Local User)
S-1-5-21-2189247330-517467924-712900258-513 CASC-DC1\None (Domain Group)
===============================( Getting printer info for 10.10.10.182 )===============================
do_cmd: Could not initialise spoolss. Error was NT_STATUS_ACCESS_DENIED
enum4linux complete on Mon Apr 8 14:55:22 2024
Last updated
Was this helpful?