API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Dec 14th, 2019
1,104
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 15.75 KB | None | 0 0
raw download clone embed print report
  1. Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Sat Dec 14 20:59:42 2019
  2.  
  3. ==========================
  4. | Target Information |
  5. ==========================
  6. Target ........... 10.10.10.161
  7. RID Range ........ 500-550,1000-1050
  8. Username ......... ''
  9. Password ......... ''
  10. Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none
  11.  
  12.  
  13. ====================================================
  14. | Enumerating Workgroup/Domain on 10.10.10.161 |
  15. ====================================================
  16. [E] Can't find workgroup/domain
  17.  
  18.  
  19. ============================================
  20. | Nbtstat Information for 10.10.10.161 |
  21. ============================================
  22. Looking up status of 10.10.10.161
  23. No reply from 10.10.10.161
  24.  
  25. =====================================
  26. | Session Check on 10.10.10.161 |
  27. =====================================
  28. [+] Server 10.10.10.161 allows sessions using username '', password ''
  29. [+] Got domain/workgroup name:
  30.  
  31. ===========================================
  32. | Getting domain SID for 10.10.10.161 |
  33. ===========================================
  34. Domain Name: HTB
  35. Domain Sid: S-1-5-21-3072663084-364016917-1341370565
  36. [+] Host is part of a domain (not a workgroup)
  37.  
  38. ======================================
  39. | OS information on 10.10.10.161 |
  40. ======================================
  41. [+] Got OS info for 10.10.10.161 from smbclient:
  42. [+] Got OS info for 10.10.10.161 from srvinfo:
  43. Could not initialise srvsvc. Error was NT_STATUS_ACCESS_DENIED
  44.  
  45. =============================
  46. | Users on 10.10.10.161 |
  47. =============================
  48. index: 0x2137 RID: 0x463 acb: 0x00020015 Account: $331000-VK4ADACQNUCA Name: (null) Desc: (null)
  49. index: 0xfbc RID: 0x1f4 acb: 0x00020010 Account: Administrator Name: Administrator Desc: Built-in account for administering the computer/domain
  50. index: 0x2369 RID: 0x47e acb: 0x00000210 Account: andy Name: Andy Hislip Desc: (null)
  51. index: 0xfbe RID: 0x1f7 acb: 0x00000215 Account: DefaultAccount Name: (null) Desc: A user account managed by the system.
  52. index: 0xfbd RID: 0x1f5 acb: 0x00000215 Account: Guest Name: (null) Desc: Built-in account for guest access to the computer/domain
  53. index: 0x2352 RID: 0x478 acb: 0x00000210 Account: HealthMailbox0659cc1 Name: HealthMailbox-EXCH01-010 Desc: (null)
  54. index: 0x234b RID: 0x471 acb: 0x00000210 Account: HealthMailbox670628e Name: HealthMailbox-EXCH01-003 Desc: (null)
  55. index: 0x234d RID: 0x473 acb: 0x00000210 Account: HealthMailbox6ded678 Name: HealthMailbox-EXCH01-005 Desc: (null)
  56. index: 0x2351 RID: 0x477 acb: 0x00000210 Account: HealthMailbox7108a4e Name: HealthMailbox-EXCH01-009 Desc: (null)
  57. index: 0x234e RID: 0x474 acb: 0x00000210 Account: HealthMailbox83d6781 Name: HealthMailbox-EXCH01-006 Desc: (null)
  58. index: 0x234c RID: 0x472 acb: 0x00000210 Account: HealthMailbox968e74d Name: HealthMailbox-EXCH01-004 Desc: (null)
  59. index: 0x2350 RID: 0x476 acb: 0x00000210 Account: HealthMailboxb01ac64 Name: HealthMailbox-EXCH01-008 Desc: (null)
  60. index: 0x234a RID: 0x470 acb: 0x00000210 Account: HealthMailboxc0a90c9 Name: HealthMailbox-EXCH01-002 Desc: (null)
  61. index: 0x2348 RID: 0x46e acb: 0x00000210 Account: HealthMailboxc3d7722 Name: HealthMailbox-EXCH01-Mailbox-Database-1118319013 Desc: (null)
  62. index: 0x2349 RID: 0x46f acb: 0x00000210 Account: HealthMailboxfc9daad Name: HealthMailbox-EXCH01-001 Desc: (null)
  63. index: 0x234f RID: 0x475 acb: 0x00000210 Account: HealthMailboxfd87238 Name: HealthMailbox-EXCH01-007 Desc: (null)
  64. index: 0xff4 RID: 0x1f6 acb: 0x00020011 Account: krbtgt Name: (null) Desc: Key Distribution Center Service Account
  65. index: 0x2360 RID: 0x47a acb: 0x00000210 Account: lucinda Name: Lucinda Berger Desc: (null)
  66. index: 0x236a RID: 0x47f acb: 0x00000210 Account: mark Name: Mark Brandt Desc: (null)
  67. index: 0x236b RID: 0x480 acb: 0x00000210 Account: santi Name: Santi Rodriguez Desc: (null)
  68. index: 0x235c RID: 0x479 acb: 0x00000210 Account: sebastien Name: Sebastien Caron Desc: (null)
  69. index: 0x215a RID: 0x468 acb: 0x00020011 Account: SM_1b41c9286325456bb Name: Microsoft Exchange Migration Desc: (null)
  70. index: 0x2161 RID: 0x46c acb: 0x00020011 Account: SM_1ffab36a2f5f479cb Name: SystemMailbox{8cc370d3-822a-4ab8-a926-bb94bd0641a9} Desc: (null)
  71. index: 0x2156 RID: 0x464 acb: 0x00020011 Account: SM_2c8eef0a09b545acb Name: Microsoft Exchange Approval Assistant Desc: (null)
  72. index: 0x2159 RID: 0x467 acb: 0x00020011 Account: SM_681f53d4942840e18 Name: Discovery Search Mailbox Desc: (null)
  73. index: 0x2158 RID: 0x466 acb: 0x00020011 Account: SM_75a538d3025e4db9a Name: Microsoft Exchange Desc: (null)
  74. index: 0x215c RID: 0x46a acb: 0x00020011 Account: SM_7c96b981967141ebb Name: E4E Encryption Store - Active Desc: (null)
  75. index: 0x215b RID: 0x469 acb: 0x00020011 Account: SM_9b69f1b9d2cc45549 Name: Microsoft Exchange Federation Mailbox Desc: (null)
  76. index: 0x215d RID: 0x46b acb: 0x00020011 Account: SM_c75ee099d0a64c91b Name: Microsoft Exchange Desc: (null)
  77. index: 0x2157 RID: 0x465 acb: 0x00020011 Account: SM_ca8c2ed5bdab4dc9b Name: Microsoft Exchange Desc: (null)
  78. index: 0x2372 RID: 0x1db1 acb: 0x00000010 Account: su Name: (null) Desc: (null)
  79. index: 0x2365 RID: 0x47b acb: 0x00010210 Account: svc-alfresco Name: svc-alfresco Desc: (null)
  80.  
  81. user:[Administrator] rid:[0x1f4]
  82. user:[Guest] rid:[0x1f5]
  83. user:[krbtgt] rid:[0x1f6]
  84. user:[DefaultAccount] rid:[0x1f7]
  85. user:[$331000-VK4ADACQNUCA] rid:[0x463]
  86. user:[SM_2c8eef0a09b545acb] rid:[0x464]
  87. user:[SM_ca8c2ed5bdab4dc9b] rid:[0x465]
  88. user:[SM_75a538d3025e4db9a] rid:[0x466]
  89. user:[SM_681f53d4942840e18] rid:[0x467]
  90. user:[SM_1b41c9286325456bb] rid:[0x468]
  91. user:[SM_9b69f1b9d2cc45549] rid:[0x469]
  92. user:[SM_7c96b981967141ebb] rid:[0x46a]
  93. user:[SM_c75ee099d0a64c91b] rid:[0x46b]
  94. user:[SM_1ffab36a2f5f479cb] rid:[0x46c]
  95. user:[HealthMailboxc3d7722] rid:[0x46e]
  96. user:[HealthMailboxfc9daad] rid:[0x46f]
  97. user:[HealthMailboxc0a90c9] rid:[0x470]
  98. user:[HealthMailbox670628e] rid:[0x471]
  99. user:[HealthMailbox968e74d] rid:[0x472]
  100. user:[HealthMailbox6ded678] rid:[0x473]
  101. user:[HealthMailbox83d6781] rid:[0x474]
  102. user:[HealthMailboxfd87238] rid:[0x475]
  103. user:[HealthMailboxb01ac64] rid:[0x476]
  104. user:[HealthMailbox7108a4e] rid:[0x477]
  105. user:[HealthMailbox0659cc1] rid:[0x478]
  106. user:[sebastien] rid:[0x479]
  107. user:[lucinda] rid:[0x47a]
  108. user:[svc-alfresco] rid:[0x47b]
  109. user:[andy] rid:[0x47e]
  110. user:[mark] rid:[0x47f]
  111. user:[santi] rid:[0x480]
  112. user:[su] rid:[0x1db1]
  113.  
  114. =========================================
  115. | Share Enumeration on 10.10.10.161 |
  116. =========================================
  117. smb1cli_req_writev_submit: called for dialect[SMB3_11] server[10.10.10.161]
  118. do_connect: Connection to 10.10.10.161 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
  119.  
  120. Sharename Type Comment
  121. --------- ---- -------
  122. Error returning browse list: NT_STATUS_REVISION_MISMATCH
  123. Reconnecting with SMB1 for workgroup listing.
  124. Failed to connect with SMB1 -- no workgroup available
  125.  
  126. [+] Attempting to map shares on 10.10.10.161
  127.  
  128. ====================================================
  129. | Password Policy Information for 10.10.10.161 |
  130. ====================================================
  131.  
  132.  
  133. [+] Attaching to 10.10.10.161 using a NULL share
  134.  
  135. [+] Trying protocol 445/SMB...
  136.  
  137. [+] Found domain(s):
  138.  
  139. [+] HTB
  140. [+] Builtin
  141.  
  142. [+] Password Info for Domain: HTB
  143.  
  144. [+] Minimum password length: 7
  145. [+] Password history length: 24
  146. [+] Maximum password age: 41 days 23 hours 53 minutes
  147. [+] Password Complexity Flags: 000000
  148.  
  149. [+] Domain Refuse Password Change: 0
  150. [+] Domain Password Store Cleartext: 0
  151. [+] Domain Password Lockout Admins: 0
  152. [+] Domain Password No Clear Change: 0
  153. [+] Domain Password No Anon Change: 0
  154. [+] Domain Password Complex: 0
  155.  
  156. [+] Minimum password age: 1 day 4 minutes
  157. [+] Reset Account Lockout Counter: 30 minutes
  158. [+] Locked Account Duration: 30 minutes
  159. [+] Account Lockout Threshold: None
  160. [+] Forced Log off Time: Not Set
  161.  
  162.  
  163. [+] Retieved partial password policy with rpcclient:
  164.  
  165. Password Complexity: Disabled
  166. Minimum Password Length: 7
  167.  
  168.  
  169. ==============================
  170. | Groups on 10.10.10.161 |
  171. ==============================
  172.  
  173. [+] Getting builtin groups:
  174. group:[Account Operators] rid:[0x224]
  175. group:[Pre-Windows 2000 Compatible Access] rid:[0x22a]
  176. group:[Incoming Forest Trust Builders] rid:[0x22d]
  177. group:[Windows Authorization Access Group] rid:[0x230]
  178. group:[Terminal Server License Servers] rid:[0x231]
  179. group:[Administrators] rid:[0x220]
  180. group:[Users] rid:[0x221]
  181. group:[Guests] rid:[0x222]
  182. group:[Print Operators] rid:[0x226]
  183. group:[Backup Operators] rid:[0x227]
  184. group:[Replicator] rid:[0x228]
  185. group:[Remote Desktop Users] rid:[0x22b]
  186. group:[Network Configuration Operators] rid:[0x22c]
  187. group:[Performance Monitor Users] rid:[0x22e]
  188. group:[Performance Log Users] rid:[0x22f]
  189. group:[Distributed COM Users] rid:[0x232]
  190. group:[IIS_IUSRS] rid:[0x238]
  191. group:[Cryptographic Operators] rid:[0x239]
  192. group:[Event Log Readers] rid:[0x23d]
  193. group:[Certificate Service DCOM Access] rid:[0x23e]
  194. group:[RDS Remote Access Servers] rid:[0x23f]
  195. group:[RDS Endpoint Servers] rid:[0x240]
  196. group:[RDS Management Servers] rid:[0x241]
  197. group:[Hyper-V Administrators] rid:[0x242]
  198. group:[Access Control Assistance Operators] rid:[0x243]
  199. group:[Remote Management Users] rid:[0x244]
  200. group:[System Managed Accounts Group] rid:[0x245]
  201. group:[Storage Replica Administrators] rid:[0x246]
  202. group:[Server Operators] rid:[0x225]
  203.  
  204. [+] Getting builtin group memberships:
  205. Group 'IIS_IUSRS' (RID: 568) has member: Couldn't lookup SIDs
  206. Group 'Pre-Windows 2000 Compatible Access' (RID: 554) has member: Couldn't lookup SIDs
  207. Group 'Windows Authorization Access Group' (RID: 560) has member: Couldn't lookup SIDs
  208. Group 'Account Operators' (RID: 548) has member: Couldn't lookup SIDs
  209. Group 'System Managed Accounts Group' (RID: 581) has member: Couldn't lookup SIDs
  210. Group 'Remote Management Users' (RID: 580) has member: Couldn't lookup SIDs
  211. Group 'Guests' (RID: 546) has member: Couldn't lookup SIDs
  212. Group 'Administrators' (RID: 544) has member: Couldn't lookup SIDs
  213. Group 'Users' (RID: 545) has member: Couldn't lookup SIDs
  214.  
  215. [+] Getting local groups:
  216. group:[Cert Publishers] rid:[0x205]
  217. group:[RAS and IAS Servers] rid:[0x229]
  218. group:[Allowed RODC Password Replication Group] rid:[0x23b]
  219. group:[Denied RODC Password Replication Group] rid:[0x23c]
  220. group:[DnsAdmins] rid:[0x44d]
  221.  
  222. [+] Getting local group memberships:
  223. Group 'Denied RODC Password Replication Group' (RID: 572) has member: Couldn't lookup SIDs
  224.  
  225. [+] Getting domain groups:
  226. group:[Enterprise Read-only Domain Controllers] rid:[0x1f2]
  227. group:[Domain Admins] rid:[0x200]
  228. group:[Domain Users] rid:[0x201]
  229. group:[Domain Guests] rid:[0x202]
  230. group:[Domain Computers] rid:[0x203]
  231. group:[Domain Controllers] rid:[0x204]
  232. group:[Schema Admins] rid:[0x206]
  233. group:[Enterprise Admins] rid:[0x207]
  234. group:[Group Policy Creator Owners] rid:[0x208]
  235. group:[Read-only Domain Controllers] rid:[0x209]
  236. group:[Cloneable Domain Controllers] rid:[0x20a]
  237. group:[Protected Users] rid:[0x20d]
  238. group:[Key Admins] rid:[0x20e]
  239. group:[Enterprise Key Admins] rid:[0x20f]
  240. group:[DnsUpdateProxy] rid:[0x44e]
  241. group:[Organization Management] rid:[0x450]
  242. group:[Recipient Management] rid:[0x451]
  243. group:[View-Only Organization Management] rid:[0x452]
  244. group:[Public Folder Management] rid:[0x453]
  245. group:[UM Management] rid:[0x454]
  246. group:[Help Desk] rid:[0x455]
  247. group:[Records Management] rid:[0x456]
  248. group:[Discovery Management] rid:[0x457]
  249. group:[Server Management] rid:[0x458]
  250. group:[Delegated Setup] rid:[0x459]
  251. group:[Hygiene Management] rid:[0x45a]
  252. group:[Compliance Management] rid:[0x45b]
  253. group:[Security Reader] rid:[0x45c]
  254. group:[Security Administrator] rid:[0x45d]
  255. group:[Exchange Servers] rid:[0x45e]
  256. group:[Exchange Trusted Subsystem] rid:[0x45f]
  257. group:[Managed Availability Servers] rid:[0x460]
  258. group:[Exchange Windows Permissions] rid:[0x461]
  259. group:[ExchangeLegacyInterop] rid:[0x462]
  260. group:[$D31000-NSEL5BRJ63V7] rid:[0x46d]
  261. group:[Service Accounts] rid:[0x47c]
  262. group:[Privileged IT Accounts] rid:[0x47d]
  263. group:[test] rid:[0x13ed]
  264.  
  265. [+] Getting domain group memberships:
  266. Group 'Group Policy Creator Owners' (RID: 520) has member: HTB\Administrator
  267. Group 'Domain Guests' (RID: 514) has member: HTB\Guest
  268. Group 'Organization Management' (RID: 1104) has member: HTB\Administrator
  269. Group 'Exchange Windows Permissions' (RID: 1121) has member: HTB\Exchange Trusted Subsystem
  270. Group '$D31000-NSEL5BRJ63V7' (RID: 1133) has member: HTB\EXCH01$
  271. Group 'Schema Admins' (RID: 518) has member: HTB\Administrator
  272. Group 'Service Accounts' (RID: 1148) has member: HTB\svc-alfresco
  273. Group 'Managed Availability Servers' (RID: 1120) has member: HTB\EXCH01$
  274. Group 'Managed Availability Servers' (RID: 1120) has member: HTB\Exchange Servers
  275. Group 'Domain Controllers' (RID: 516) has member: HTB\FOREST$
  276. Group 'Domain Computers' (RID: 515) has member: HTB\EXCH01$
  277. Group 'Exchange Servers' (RID: 1118) has member: HTB\EXCH01$
  278. Group 'Exchange Servers' (RID: 1118) has member: HTB\$D31000-NSEL5BRJ63V7
  279. Group 'Domain Admins' (RID: 512) has member: HTB\Administrator
  280. Group 'Enterprise Admins' (RID: 519) has member: HTB\Administrator
  281. Group 'Privileged IT Accounts' (RID: 1149) has member: HTB\Service Accounts
  282. Group 'Domain Users' (RID: 513) has member: HTB\Administrator
  283. Group 'Domain Users' (RID: 513) has member: HTB\DefaultAccount
  284. Group 'Domain Users' (RID: 513) has member: HTB\krbtgt
  285. Group 'Domain Users' (RID: 513) has member: HTB\$331000-VK4ADACQNUCA
  286. Group 'Domain Users' (RID: 513) has member: HTB\SM_2c8eef0a09b545acb
  287. Group 'Domain Users' (RID: 513) has member: HTB\SM_ca8c2ed5bdab4dc9b
  288. Group 'Domain Users' (RID: 513) has member: HTB\SM_75a538d3025e4db9a
  289. Group 'Domain Users' (RID: 513) has member: HTB\SM_681f53d4942840e18
  290. Group 'Domain Users' (RID: 513) has member: HTB\SM_1b41c9286325456bb
  291. Group 'Domain Users' (RID: 513) has member: HTB\SM_9b69f1b9d2cc45549
  292. Group 'Domain Users' (RID: 513) has member: HTB\SM_7c96b981967141ebb
  293. Group 'Domain Users' (RID: 513) has member: HTB\SM_c75ee099d0a64c91b
  294. Group 'Domain Users' (RID: 513) has member: HTB\SM_1ffab36a2f5f479cb
  295. Group 'Domain Users' (RID: 513) has member: HTB\HealthMailboxc3d7722
  296. Group 'Domain Users' (RID: 513) has member: HTB\HealthMailboxfc9daad
  297. Group 'Domain Users' (RID: 513) has member: HTB\HealthMailboxc0a90c9
  298. Group 'Domain Users' (RID: 513) has member: HTB\HealthMailbox670628e
  299. Group 'Domain Users' (RID: 513) has member: HTB\HealthMailbox968e74d
  300. Group 'Domain Users' (RID: 513) has member: HTB\HealthMailbox6ded678
  301. Group 'Domain Users' (RID: 513) has member: HTB\HealthMailbox83d6781
  302. Group 'Domain Users' (RID: 513) has member: HTB\HealthMailboxfd87238
  303. Group 'Domain Users' (RID: 513) has member: HTB\HealthMailboxb01ac64
  304. Group 'Domain Users' (RID: 513) has member: HTB\HealthMailbox7108a4e
  305. Group 'Domain Users' (RID: 513) has member: HTB\HealthMailbox0659cc1
  306. Group 'Domain Users' (RID: 513) has member: HTB\sebastien
  307. Group 'Domain Users' (RID: 513) has member: HTB\lucinda
  308. Group 'Domain Users' (RID: 513) has member: HTB\svc-alfresco
  309. Group 'Domain Users' (RID: 513) has member: HTB\andy
  310. Group 'Domain Users' (RID: 513) has member: HTB\mark
  311. Group 'Domain Users' (RID: 513) has member: HTB\santi
  312. Group 'Domain Users' (RID: 513) has member: HTB\su
  313. Group 'Exchange Trusted Subsystem' (RID: 1119) has member: HTB\EXCH01$
  314.  
  315. =======================================================================
  316. | Users on 10.10.10.161 via RID cycling (RIDS: 500-550,1000-1050) |
  317. =======================================================================
  318. [E] Couldn't get SID: NT_STATUS_ACCESS_DENIED. RID cycling not possible.
  319.  
  320. =============================================
  321. | Getting printer info for 10.10.10.161 |
  322. =============================================
  323. Could not initialise spoolss. Error was NT_STATUS_ACCESS_DENIED
  324.  
  325.  
  326. enum4linux complete on Sat Dec 14 21:00:59 2019
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!