Posted: Sat Mar 26, 2005 6:45 pm Post subject: Windows Share Enumeration/Hacking from a Linux Host
I am trying to do some enumeration/null session hacking from Linux against a Windows host.
I am able to set up the null session and use the Windows tools to pull down account information using userinfo/userdump, enum, and sid2user/user2sid from my Windows machine, but now I am trying to do it on Linux.
I am able to connect to the IPC$ share using smbclient but can't get the one and only tool I was able to find, smbdumpusers, to work (I am getting an "ERROR: LSARetrieveUserInfo()" error on one host and "ERROR: SMBNTCreateAndX()" for another). Both Windows boxes have the firewalls turned off and I can create null sessions to each of them from another Windows client. I basically want to get the information I can pull down with getuserinfo and sid2user/user2sid: user accts, shares, SIDs, so I can find the real administrator account, etc.
If anyone thinks the tools (userinfo, enum, sid2user, etc.) might run in Wine, I am willing to give that a shot, but I am basically trying to find a way to do all the Windows enumeration I usually do with another Windows host on a Linux box (hopefully using only command-line tools).
Can anyone recommend any tutorials, tools, tricks, help, etc out there?
I'll add a little more info after messing with it some more. The error seems to be because those two Windows hosts are running Windows XP. I tried the program on an NT server and Windows 2000 Adv Server and was able to pull down some details.
smbdumpusers will give you the SID and username and that's about it.
Anything out there that can give more detailed info on the Linux side?
Last edited by gat0r on Mon Jan 16, 2006 6:42 pm; edited 1 time in total