445
adot@pwndot:~/htb/outdated$ netexec smb 10.10.11.175 -u '' -p ''
SMB 10.10.11.175 445 DC [*] Windows 10 / Server 2019 Build 17763 x64 (name:DC) (domain:outdated.htb) (signing:True) (SMBv1:False)
SMB 10.10.11.175 445 DC [+] outdated.htb\:
adot@pwndot:~/htb/outdated$ netexec smb 10.10.11.175 -u 'Guest' -p ''
SMB 10.10.11.175 445 DC [*] Windows 10 / Server 2019 Build 17763 x64 (name:DC) (domain:outdated.htb) (signing:True) (SMBv1:False)
SMB 10.10.11.175 445 DC [+] outdated.htb\Guest:
adot@pwndot:~/htb/outdated$ netexec smb 10.10.11.175 -u 'Guest' -p '' --rid-brute
SMB 10.10.11.175 445 DC [*] Windows 10 / Server 2019 Build 17763 x64 (name:DC) (domain:outdated.htb) (signing:True) (SMBv1:False)
SMB 10.10.11.175 445 DC [+] outdated.htb\Guest:
SMB 10.10.11.175 445 DC 498: OUTDATED\Enterprise Read-only Domain Controllers (SidTypeGroup)
SMB 10.10.11.175 445 DC 500: OUTDATED\Administrator (SidTypeUser)
SMB 10.10.11.175 445 DC 501: OUTDATED\Guest (SidTypeUser)
SMB 10.10.11.175 445 DC 502: OUTDATED\krbtgt (SidTypeUser)
SMB 10.10.11.175 445 DC 512: OUTDATED\Domain Admins (SidTypeGroup)
SMB 10.10.11.175 445 DC 513: OUTDATED\Domain Users (SidTypeGroup)
SMB 10.10.11.175 445 DC 514: OUTDATED\Domain Guests (SidTypeGroup)
SMB 10.10.11.175 445 DC 515: OUTDATED\Domain Computers (SidTypeGroup)
SMB 10.10.11.175 445 DC 516: OUTDATED\Domain Controllers (SidTypeGroup)
SMB 10.10.11.175 445 DC 517: OUTDATED\Cert Publishers (SidTypeAlias)
SMB 10.10.11.175 445 DC 518: OUTDATED\Schema Admins (SidTypeGroup)
SMB 10.10.11.175 445 DC 519: OUTDATED\Enterprise Admins (SidTypeGroup)
SMB 10.10.11.175 445 DC 520: OUTDATED\Group Policy Creator Owners (SidTypeGroup)
SMB 10.10.11.175 445 DC 521: OUTDATED\Read-only Domain Controllers (SidTypeGroup)
SMB 10.10.11.175 445 DC 522: OUTDATED\Cloneable Domain Controllers (SidTypeGroup)
SMB 10.10.11.175 445 DC 525: OUTDATED\Protected Users (SidTypeGroup)
SMB 10.10.11.175 445 DC 526: OUTDATED\Key Admins (SidTypeGroup)
SMB 10.10.11.175 445 DC 527: OUTDATED\Enterprise Key Admins (SidTypeGroup)
SMB 10.10.11.175 445 DC 553: OUTDATED\RAS and IAS Servers (SidTypeAlias)
SMB 10.10.11.175 445 DC 571: OUTDATED\Allowed RODC Password Replication Group (SidTypeAlias)
SMB 10.10.11.175 445 DC 572: OUTDATED\Denied RODC Password Replication Group (SidTypeAlias)
SMB 10.10.11.175 445 DC 1000: OUTDATED\WSUS Administrators (SidTypeAlias)
SMB 10.10.11.175 445 DC 1001: OUTDATED\WSUS Reporters (SidTypeAlias)
SMB 10.10.11.175 445 DC 1002: OUTDATED\DC$ (SidTypeUser)
SMB 10.10.11.175 445 DC 1103: OUTDATED\DnsAdmins (SidTypeAlias)
SMB 10.10.11.175 445 DC 1104: OUTDATED\DnsUpdateProxy (SidTypeGroup)
SMB 10.10.11.175 445 DC 1105: OUTDATED\CLIENT$ (SidTypeUser)
SMB 10.10.11.175 445 DC 1106: OUTDATED\btables (SidTypeUser)
SMB 10.10.11.175 445 DC 1107: OUTDATED\ITStaff (SidTypeGroup)
SMB 10.10.11.175 445 DC 1108: OUTDATED\sflowers (SidTypeUser)
adot@pwndot:~/htb/outdated$ netexec smb 10.10.11.175 -u 'Guest' -p '' --shares
SMB 10.10.11.175 445 DC [*] Windows 10 / Server 2019 Build 17763 x64 (name:DC) (domain:outdated.htb) (signing:True) (SMBv1:False)
SMB 10.10.11.175 445 DC [+] outdated.htb\Guest:
SMB 10.10.11.175 445 DC [*] Enumerated shares
SMB 10.10.11.175 445 DC Share Permissions Remark
SMB 10.10.11.175 445 DC ----- ----------- ------
SMB 10.10.11.175 445 DC ADMIN$ Remote Admin
SMB 10.10.11.175 445 DC C$ Default share
SMB 10.10.11.175 445 DC IPC$ READ Remote IPC
SMB 10.10.11.175 445 DC NETLOGON Logon server share
SMB 10.10.11.175 445 DC Shares READ
SMB 10.10.11.175 445 DC SYSVOL Logon server share
SMB 10.10.11.175 445 DC UpdateServicesPackages A network share to be used by client systems for collecting all software packages (usually applications) published on this WSUS system.
SMB 10.10.11.175 445 DC WsusContent A network share to be used by Local Publishing to place published content on this WSUS system.
SMB 10.10.11.175 445 DC WSUSTemp A network share used by Local Publishing from a Remote WSUS Console Instance.
adot@pwndot:~/htb/outdated$ smbclient //10.10.11.175/Shares -U Guest%''
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Mon Jun 20 10:01:33 2022
.. D 0 Mon Jun 20 10:01:33 2022
NOC_Reminder.pdf AR 106977 Mon Jun 20 10:00:32 2022
9116415 blocks of size 4096. 1406519 blocks available
smb: \> get NOC_Reminder.pdf
getting file \NOC_Reminder.pdf of size 106977 as NOC_Reminder.pdf (370.5 KiloBytes/sec) (average 370.5 KiloBytes/sec)
smb: \> exitLast updated
Was this helpful?
