anode Posted June 8, 2015

I've tried against XP, Win7 and Server 2012 R2. VMs and real machines and 2 different networks. Typical output:

    nmap --script smb-enum-users.nse -p445 192.168.1.70

    Starting Nmap 6.47 ( http://nmap.org ) at 2015-06-08 10:32 EDT
    Nmap scan report for 192.168.1.70
    Host is up (0.0012s latency).
    PORT    STATE SERVICE
    445/tcp open  microsoft-ds
    MAC Address: 00:1C:42:6F:D1:A1 (Parallels)

    Nmap done: 1 IP address (1 host up) scanned in 15.79 seconds

Ideas? Suggestions?

phpsystems Posted June 9, 2015

Try running the command with -vv to see what is happening. Also, you shouldn't need the .nse part, but may also require an equals sign. I.e., --script=smb-enum-users

Tim

digip Posted June 9, 2015

Can try UDP ports 135-139 too.

anode Posted June 10, 2015

Thanks guys! The -vv and additional ports have the same results. The -vv doesn't show (to me) an error/issues.

XP SP3:

    Starting Nmap 6.47 ( http://nmap.org ) at 2015-06-09 20:43 EDT
    NSE: Loaded 1 scripts for scanning.
    NSE: Script Pre-scanning.
    NSE: Starting runlevel 1 (of 1) scan.
    Initiating ARP Ping Scan at 20:43
    Scanning 192.168.1.188 [1 port]
    Completed ARP Ping Scan at 20:43, 0.07s elapsed (1 total hosts)
    Initiating Parallel DNS resolution of 1 host. at 20:43
    Completed Parallel DNS resolution of 1 host. at 20:44, 13.00s elapsed
    Initiating SYN Stealth Scan at 20:44
    Scanning 192.168.1.188 [2 ports]
    Discovered open port 445/tcp on 192.168.1.188
    Discovered open port 139/tcp on 192.168.1.188
    Completed SYN Stealth Scan at 20:44, 0.08s elapsed (2 total ports)
    Initiating UDP Scan at 20:44
    Scanning 192.168.1.188 [1 port]
    Discovered open port 137/udp on 192.168.1.188
    Completed UDP Scan at 20:44, 0.09s elapsed (1 total ports)
    NSE: Script scanning 192.168.1.188.
    NSE: Starting runlevel 1 (of 1) scan.
    Initiating NSE at 20:44
    Completed NSE at 20:44, 0.72s elapsed
    Nmap scan report for 192.168.1.188
    Host is up (0.00066s latency).
    Scanned at 2015-06-09 20:43:58 EDT for 14s
    PORT    STATE SERVICE
    139/tcp open  netbios-ssn
    445/tcp open  microsoft-ds
    137/udp open  netbios-ns
    MAC Address: XX:XX:XX:XX:XX:XX (Asustek Computer)
    NSE: Script Post-scanning.
    NSE: Starting runlevel 1 (of 1) scan.
    Read data files from: /usr/bin/../share/nmap
    Nmap done: 1 IP address (1 host up) scanned in 16.18 seconds
    Raw packets sent: 4 (194B) | Rcvd: 4 (337B)

digip Posted June 10, 2015

If you want to test and you are on a Windows box, try an nbtstat against a known host that has NetBIOS names enabled on the NIC settings (and NetBIOS over TCP if not using UDP port scans) and the services "computer browser", "server", and "workstation" are all up (on the target). Alternative is to try nbtscan (which can do more than one IP at a time like nmap does, i.e.: 192.168.1.0/24), but just because a port is open, doesn't mean the services for it will respond with the NetBIOS name.

http://www.unixwiz.net/tools/nbtscan.html
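
The node status (NBSTAT) exchange that nbtstat and nbtscan rely on, as an added example that is not part of any post in this thread: it builds the UDP 137 wildcard query and parses a reply into names, then maps the name suffixes to the Workstation, Server and Computer Browser services mentioned above. The host name LABXP, the workgroup name, the transaction ID and the reply bytes are constructed sample values.

```python
import struct

# NetBIOS name suffixes registered by the services named in the post above,
# keyed by (suffix byte, is_group). A group 0x00 name is only the workgroup.
SERVICES = {(0x00, False): "Workstation", (0x20, False): "Server",
            (0x1D, False): "Computer Browser", (0x1E, True): "Computer Browser"}

def build_nbstat_query(txid=0x1337):
    """Node status (NBSTAT) request for the wildcard name '*' (RFC 1002)."""
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)
    raw = b"*" + b"\x00" * 15
    # First-level encoding: each name byte becomes two letters in 'A'..'P'.
    encoded = bytes(0x41 + n for b in raw for n in (b >> 4, b & 0x0F))
    return header + b"\x20" + encoded + b"\x00" + struct.pack(">HH", 0x21, 1)

def parse_nbstat_response(data):
    """Return [(name, suffix, is_group), ...] from a node status reply."""
    flags, _qd, ancount = struct.unpack_from(">HHH", data, 2)
    if not flags & 0x8000 or ancount < 1:
        raise ValueError("not a response carrying an answer record")
    off = 12
    while data[off]:                      # skip the labels of the record name
        off += 1 + data[off]
    rtype, _cls, _ttl, _rdlen = struct.unpack_from(">HHIH", data, off + 1)
    if rtype != 0x21:
        raise ValueError("answer is not a node status record")
    count, off = data[off + 11], off + 12
    names = []
    for _ in range(count):                # 15-byte name, suffix, 2-byte flags
        raw, suffix, nflags = struct.unpack_from(">15sBH", data, off)
        names.append((raw.decode("ascii", "replace").rstrip(), suffix,
                      bool(nflags & 0x8000)))
        off += 18
    return names

def services_seen(names):
    """Which of the Workstation/Server/Browser services registered a name."""
    return sorted({SERVICES[(s, g)] for _, s, g in names if (s, g) in SERVICES})

# Constructed sample reply: host LABXP in WORKGROUP, browser service not running.
def _entry(name, suffix, flags):
    return name.ljust(15).encode() + bytes([suffix]) + struct.pack(">H", flags)

SAMPLE = (struct.pack(">HHHHHH", 0x1337, 0x8400, 0, 1, 0, 0)
          + build_nbstat_query()[12:46] + struct.pack(">HHIH", 0x21, 1, 0, 61)
          + bytes([3]) + _entry("LABXP", 0x00, 0x0400)
          + _entry("WORKGROUP", 0x00, 0x8400) + _entry("LABXP", 0x20, 0x0400)
          + bytes(6))
print(parse_nbstat_response(SAMPLE), services_seen(parse_nbstat_response(SAMPLE)))
```

A host that leaves UDP 137 open but sends no reply to this query, or a reply without the 0x20 Server name, matches the "port open but service not answering" case described in the post.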