Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-18 06:31 CST
Nmap scan report for 192.168.0.1
Host is up (0.00044s latency).
MAC Address: 24:69:8E:07:FE:4E (Shenzhen Mercury Communication Technologies)
Nmap scan report for 192.168.0.100
Host is up (0.22s latency).
MAC Address: DA:3F:DF:36:C2:F8 (Unknown)
Nmap scan report for 192.168.0.101
Host is up (0.20s latency).
MAC Address: 7A:7D:03:A2:2C:73 (Unknown)
Nmap scan report for 192.168.0.102
Host is up (0.00022s latency).
MAC Address: 08:00:27:EA:22:6D (Oracle VirtualBox virtual NIC)
Nmap scan report for 192.168.0.105
Host is up (0.20s latency).
MAC Address: C8:94:02:0F:E5:33 (Chongqing Fugui Electronics)
Nmap scan report for 192.168.0.106
Host is up (0.20s latency).
MAC Address: D2:66:41:4A:73:EF (Unknown)
Nmap scan report for 192.168.0.109
Host is up (0.0011s latency).
MAC Address: E8:6A:64:83:2C:C0 (Lcfc(hefei) Electronics Technology)
Nmap scan report for 192.168.0.104
Host is up.
Nmap done: 256 IP addresses (9 hosts up) scanned in 5.89 seconds
ENUM4LINUX - next generation
==========================| Target Information |==========================[*] Target ........... 192.168.0.102
[*] Username ......... ''[*] Random Username ..'agujhpgm'[*] Password ......... ''[*] Timeout .......... 5 second(s)=====================================| Service Scan on 192.168.0.102 |=====================================[*] Checking LDAP
[-] Could not connect to LDAP on 389/tcp: connection refused
[*] Checking LDAPS
[-] Could not connect to LDAPS on 636/tcp: connection refused
[*] Checking SMB
[+] SMB is accessible on 445/tcp
[*] Checking SMB over NetBIOS
[+] SMB over NetBIOS is accessible on 139/tcp
=====================================================| NetBIOS Names and Workgroup for 192.168.0.102 |=====================================================[+] Got domain/workgroup name: WORKGROUP
[+] Full NetBIOS names information:
- NITIN <00> - B <ACTIVE> Workstation Service
- NITIN <03> - B <ACTIVE> Messenger Service
- NITIN <20> - B <ACTIVE> File Server Service
- ..__MSBROWSE__. <01> - <GROUP> B <ACTIVE> Master Browser
- WORKGROUP <00> - <GROUP> B <ACTIVE> Domain/Workgroup Name
- WORKGROUP <1d> - B <ACTIVE> Master Browser
- WORKGROUP <1e> - <GROUP> B <ACTIVE> Browser Service Elections
- MAC Address = 00-00-00-00-00-00
==========================================| SMB Dialect Check on 192.168.0.102 |==========================================[*] Trying on 445/tcp
[+] Supported dialects and settings:
SMB 1.0: true
SMB 2.02: true
SMB 2.1: true
SMB 3.0: true
SMB1 only: false
Preferred dialect: SMB 3.0
SMB signing required: false==========================================| RPC Session Check on 192.168.0.102 |==========================================[*] Check for null session
[+] Server allows session using username '', password ''[*] Check for random user session
[+] Server allows session using username 'agujhpgm', password ''[H] Rerunning enumeration with user 'agujhpgm' might give more results
====================================================| Domain Information via RPC for 192.168.0.102 |====================================================[+] Domain: WORKGROUP
[+] SID: NULL SID
[+] Host is part of a workgroup (not a domain)============================================================| Domain Information via SMB session for 192.168.0.102 |============================================================[*] Enumerating via unauthenticated SMB session on 445/tcp
[+] Found domain information via SMB
NetBIOS computer name: NITIN
NetBIOS domain name: ''
DNS domain: 168.1.7
FQDN: nitin.168.1.7
================================================| OS Information via RPC for 192.168.0.102 |================================================[*] Enumerating via unauthenticated SMB session on 445/tcp
[+] Found OS information via SMB
[*] Enumerating via 'srvinfo'[+] Found OS information via 'srvinfo'[+] After merging OS information we have the following result:
OS: Linux/Unix (Samba 4.3.11-Ubuntu)
OS version: '6.1'
OS release: ''
OS build: '0'
Native OS: Windows 6.1
Native LAN manager: Samba 4.3.11-Ubuntu
Platform id: '500'
Server type: '0x809a03'
Server type string: Wk Sv PrQ Unx NT SNT nitin server (Samba, Ubuntu)======================================| Users via RPC on 192.168.0.102 |======================================[*] Enumerating users via 'querydispinfo'[+] Found 1 users via 'querydispinfo'[*] Enumerating users via 'enumdomusers'[+] Found 1 users via 'enumdomusers'[+] After merging user results we have 1 users total:
'1000':
username: smb
name: ''
acb: '0x00000010'
description: ''=======================================| Groups via RPC on 192.168.0.102 |=======================================[*] Enumerating local groups[+] Found 0 group(s) via 'enumalsgroups domain'[*] Enumerating builtingroups[+] Found 0 group(s) via 'enumalsgroups builtin'[*] Enumerating domain groups[+] Found 0 group(s) via 'enumdomgroups'=========================================| Services via RPC on 192.168.0.102 |=========================================[+] Found 4 service(s):
NETLOGON:
description: Net Logon
RemoteRegistry:
description: Remote Registry Service
Spooler:
description: Print Spooler
WINS:
description: Windows Internet Name Service (WINS)=======================================| Shares via RPC on 192.168.0.102 |=======================================[*] Enumerating shares
[+] Found 2 share(s):
IPC$:
comment: IPC Service (nitin server (Samba, Ubuntu))
type: IPC
print$:
comment: Printer Drivers
type: Disk
[*] Testing share IPC$
[-] Could not check share: STATUS_OBJECT_NAME_NOT_FOUND
[*] Testing share print$
[+] Mapping: DENIED, Listing: N/A
==========================================| Policies via RPC for 192.168.0.102 |==========================================[*] Trying port 445/tcp
[+] Found policy:
domain_password_information:
pw_history_length: None
min_pw_length: 5
min_pw_age: none
max_pw_age: not set
pw_properties:
- DOMAIN_PASSWORD_COMPLEX: false
- DOMAIN_PASSWORD_NO_ANON_CHANGE: false
- DOMAIN_PASSWORD_NO_CLEAR_CHANGE: false
- DOMAIN_PASSWORD_LOCKOUT_ADMINS: false
- DOMAIN_PASSWORD_PASSWORD_STORE_CLEARTEXT: false
- DOMAIN_PASSWORD_REFUSE_PASSWORD_CHANGE: false
domain_lockout_information:
lockout_observation_window: 30 minutes
lockout_duration: 30 minutes
lockout_threshold: None
domain_logoff_information:
force_logoff_time: not set==========================================| Printers via RPC for 192.168.0.102 |==========================================[+] No printers returned (this is not an error)
Completed after 0.48 seconds
Enter WORKGROUP\smb's password:
Try "help" to get a list of possible commands.
smb: \>ls. D 0 Mon Nov 4 19:50:37 2019
.. D 0 Mon Nov 4 19:37:28 2019
main.txt N 10 Mon Nov 4 19:45:38 2019
safe.zip N 3424907 Mon Nov 4 19:50:37 2019
9204224 blocks of size 1024. 6825756 blocks available
smb: \>