NetBIOS and Null Session
Copy nmap -sS -p 135 <target> Probes NetBIOS info of machine:
Displays system shares information:
Copy nmblookup -A <target> Lists all shared shares of target:
Copy smbclient -L <target> Enumerates information on target Windows system (shares, users, etc):
Copy enum4linux -a <target> Attempts to access a shared resources with no credentials (null session):
Copy smbclient \\\\<target>\\<share> -N Attempt to connect to RPC service with no credentials:
Copy rpcclient -N -U "" <target> Attempts to bruteforce SMB credentials with nmap:
Copy nmap --script=smb-brute <target> SNMP Enumeration
Enumerates SNMP info of the given target:
Copy snmpwalk -c <c_string> -v <version> <target> Attempts to brute force SNMP community string:
Copy nmap -sU -p 161 --script=snmp-brute <target> Enumerate users:
Copy nmap -sU -p 161 --script snmp-win32-users <target> Lists all SNMP-related nmap scripts:
Copy ls -l /usr/share/nmap/script | grep -i snmp Obtains SNMP info at specified OID:
Copy snmpwalk -c <c_string> -v <version> <target> <OID> Changes the SNMP information at specified OID:
Copy snmpset -c <c_string> -v <version> <target> <OID> <value_type> <value> Onesixtyone brute force:
Copy echo public > community
echo private >> community
echo manager >> community
onesixtyone -c community <target> Enumerate system processes:
Copy snmpwalk -c <community string> -<version> <target> 1.3.6.1.2.1.25.1.6.0 Enumerate running programs:
Copy snmpwalk -c <community string> -<version> <target> 1.3.6.1.2.1.25.4.2.1.2 Enumerate processes path:
Copy snmpwalk -c <community string> -<version> <target> 1.3.6.1.2.1.25.4.2.1.4 Enumerate storage units:
Copy snmpwalk -c <community string> -<version> <target> 1.3.6.1.2.1.25.2.3.1.4 Enumerate software name:
Copy snmpwalk -c <community string> -<version> <target> 1.3.6.1.2.1.25.6.3.1.2 Enumerate user accounts:
Copy snmpwalk -c <community string> -<version> <target> 1.3.6.1.4.1.77.1.2.25 Enumerate tcp local ports:
Copy snmpwalk -c <community string> -<version> <target> 1.3.6.1.2.1.6.13.1.3
Copy msf > use auxiliary/scanner/snmp/snmp_login
msf > set PASSWORD public
msf > set RHOSTS file:snmp.txt
msf > set THREADS 25
msf > set VERBOSE false
msf > set VERSION 2c
msf > run NFS Enumeration
Discover rpcbind:
Copy $ sudo nmap -sV --script rpcinfo 10.10.13.37 -p111 Run Nmap scripts:
Copy $ sudo nmap -sV --script 'nfs*' 10.10.13.37 -p2049 Mount
Copy $ showmount -e 10.10.13.37
$ sudo mount -v -t nfs -o vers=3 -o nolock -o user=snovvcrash,pass='Passw0rd!' 10.10.13.37:/home /mnt/nfs 
