Jump to content

nmap smb-enum-users comes up empty


anode

Recommended Posts

I've tried agaist XP, Win7 and Server 2012 R2. VMs and real machines and 2 dirrerent networks.

Typical output:

 nmap --script smb-enum-users.nse -p445 192.168.1.70

Starting Nmap 6.47 ( http://nmap.org ) at 2015-06-08 10:32 EDT
Nmap scan report for 192.168.1.70
Host is up (0.0012s latency).
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:1C:42:6F:D1:A1 (Parallels)

Nmap done: 1 IP address (1 host up) scanned in 15.79 seconds

Ideas? Suggestions?

Link to comment
Share on other sites

Thanks guys!

The -vv and additional ports have same results.

the -vv doesn't show (to me) and error/issues

XP SP3:

Starting Nmap 6.47 ( http://nmap.org ) at 2015-06-09 20:43 EDT
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating ARP Ping Scan at 20:43
Scanning 192.168.1.188 [1 port]
Completed ARP Ping Scan at 20:43, 0.07s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 20:43
Completed Parallel DNS resolution of 1 host. at 20:44, 13.00s elapsed
Initiating SYN Stealth Scan at 20:44
Scanning 192.168.1.188 [2 ports]
Discovered open port 445/tcp on 192.168.1.188
Discovered open port 139/tcp on 192.168.1.188
Completed SYN Stealth Scan at 20:44, 0.08s elapsed (2 total ports)
Initiating UDP Scan at 20:44
Scanning 192.168.1.188 [1 port]
Discovered open port 137/udp on 192.168.1.188
Completed UDP Scan at 20:44, 0.09s elapsed (1 total ports)
NSE: Script scanning 192.168.1.188.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 20:44
Completed NSE at 20:44, 0.72s elapsed
Nmap scan report for 192.168.1.188
Host is up (0.00066s latency).
Scanned at 2015-06-09 20:43:58 EDT for 14s
PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
137/udp open  netbios-ns
MAC Address: XX:XX:XX:XX:XX:XX (Asustek Computer)

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 16.18 seconds
           Raw packets sent: 4 (194B) | Rcvd: 4 (337B)
Link to comment
Share on other sites

if you want to test and you are on a windows box, try an nbtstat against a known host that has netbios names enabled on the nic settings (and netbios over tcp if not using UDP port scanns) and the services "computer browser", "server", and workstation are all up(on the target).

Alternative is try nbtscan (which can do more than one IP at a time like nmap does, ie: 192.168.1.0/24), but just because a port is open, doesn't mean the services for it will respond with the netbios name.

http://www.unixwiz.net/tools/nbtscan.html

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...