SMB

╭─      /home/kali ▓▒░─────────────────────────────────────────────────────────────────────░▒▓ 1 ✘  root@kali 
╰─ smbclient --no-pass -L //192.168.105.55

	Sharename       Type      Comment
	---------       ----      -------
	IPC$            IPC       Remote IPC
	Shenzi          Disk      
Reconnecting with SMB1 for workgroup listing.
do_connect: Connection to 192.168.105.55 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
Unable to connect with SMB1 -- no workgroup available
╭─      /home/kali ▓▒░───────────────────────────────────────────────────────────────────────░▒▓ ✔  root@kali 
╰─ smbclient --no-pass -L //192.168.105.55/Shenzi

	Sharename       Type      Comment
	---------       ----      -------
	IPC$            IPC       Remote IPC
	Shenzi          Disk      
Reconnecting with SMB1 for workgroup listing.
do_connect: Connection to 192.168.105.55 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
Unable to connect with SMB1 -- no workgroup available
╭─      /home/kali ▓▒░───────────────────────────────────────────────────────────────────────░▒▓ ✔  root@kali 
╰─ smbclient --no-pass  //192.168.105.55/Shenzi 
Try "help" to get a list of possible commands.
smb: \> ls
  .                                   D        0  Thu May 28 11:45:09 2020
  ..                                  D        0  Thu May 28 11:45:09 2020
  passwords.txt                       A      894  Thu May 28 11:45:09 2020
  readme_en.txt                       A     7367  Thu May 28 11:45:09 2020
  sess_klk75u2q4rpgfjs3785h6hpipp      A     3879  Thu May 28 11:45:09 2020
  why.tmp                             A      213  Thu May 28 11:45:09 2020
  xampp-control.ini                   A      178  Thu May 28 11:45:09 2020

		12941823 blocks of size 4096. 6772576 blocks available
smb: \>

Null credentials got us a bunch of information. 

// Some code      │ File: sess_klk75u2q4rpgfjs3785h6hpipp
───────┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────
   1   │  PMA_token |s:32:"522b574a21767922222439295b4b2975"; HMAC_secret |s:16:"67gK3D[0mYw<Mlpn";browser_access_tim
       │ e|a:2:{s:7:"default";i:1590593735;s:36:"d3907c4c-ecaf-f98a-85db-1bce60b6913a";i:1590596659;}relation|a:1:{i:
       │ 1;a:41:{s:11:"PMA_VERSION";s:5:"5.0.2";s:7:"relwork";b:1;s:11:"displaywork";b:1;s:12:"bookmarkwork";b:1;s:7:
       │ "pdfwork";b:1;s:8:"commwork";b:1;s:8:"mimework";b:1;s:11:"historywork";b:1;s:10:"recentwork";b:1;s:12:"favor
       │ itework";b:1;s:11:"uiprefswork";b:1;s:12:"trackingwork";b:1;s:14:"userconfigwork";b:1;s:9:"menuswork";b:1;s:
       │ 7:"navwork";b:1;s:17:"savedsearcheswork";b:1;s:18:"centralcolumnswork";b:1;s:20:"designersettingswork";b:1;s
       │ :19:"exporttemplateswork";b:1;s:8:"allworks";b:1;s:4:"user";s:4:"root";s:2:"db";s:10:"phpmyadmin";s:8:"bookm
       │ ark";s:13:"pma__bookmark";s:15:"central_columns";s:20:"pma__central_columns";s:11:"column_info";s:16:"pma__c
       │ olumn_info";s:17:"designer_settings";s:22:"pma__designer_settings";s:16:"export_templates";s:21:"pma__export
       │ _templates";s:8:"favorite";s:13:"pma__favorite";s:7:"history";s:12:"pma__history";s:16:"navigationhiding";s:
       │ 21:"pma__navigationhiding";s:9:"pdf_pages";s:14:"pma__pdf_pages";s:6:"recent";s:11:"pma__recent";s:8:"relati
       │ on";s:13:"pma__relation";s:13:"savedsearches";s:18:"pma__savedsearches";s:12:"table_coords";s:17:"pma__table
       │ _coords";s:10:"table_info";s:15:"pma__table_info";s:13:"table_uiprefs";s:18:"pma__table_uiprefs";s:8:"tracki
       │ ng";s:13:"pma__tracking";s:10:"userconfig";s:15:"pma__userconfig";s:10:"usergroups";s:15:"pma__usergroups";s
       │ :5:"users";s:10:"pma__users";}}two_factor_check|b:1;cache|a:3:{s:8:"server_1";a:4:{s:15:"userprefs_mtime";s:
       │ 10:"1590593621";s:14:"userprefs_type";s:2:"db";s:12:"config_mtime";i:1584764260;s:9:"userprefs";a:1:{s:7:"Co
       │ nsole";a:1:{s:4:"Mode";s:8:"collapse";}}}s:13:"server_1_root";a:16:{s:14:"mysql_cur_user";s:14:"root@localho
       │ st";s:12:"is_grantuser";b:1;s:13:"is_createuser";b:1;s:12:"is_superuser";b:1;s:17:"is_create_db_priv";b:1;s:
       │ 14:"is_reload_priv";b:1;s:12:"db_to_create";s:0:"";s:30:"dbs_where_create_table_allowed";a:1:{i:0;s:1:"*";}s
       │ :11:"dbs_to_test";b:0;s:9:"proc_priv";b:1;s:10:"table_priv";b:1;s:8:"col_priv";b:1;s:7:"db_priv";b:1;s:11:"b
       │ inary_logs";a:0:{}s:18:"menu-levels-server";a:13:{s:9:"databases";s:9:"Databases";s:3:"sql";s:3:"SQL";s:6:"s
       │ tatus";s:6:"Status";s:6:"rights";s:5:"Users";s:6:"export";s:6:"Export";s:6:"import";s:6:"Import";s:8:"settin
       │ gs";s:8:"Settings";s:6:"binlog";s:10:"Binary log";s:11:"replication";s:11:"Replication";s:4:"vars";s:9:"Vari
       │ ables";s:7:"charset";s:8:"Charsets";s:7:"plugins";s:7:"Plugins";s:6:"engine";s:7:"Engines";}s:14:"menu-level
       │ s-db";a:14:{s:9:"structure";s:9:"Structure";s:3:"sql";s:3:"SQL";s:6:"search";s:6:"Search";s:5:"query";s:5:"Q
       │ uery";s:6:"export";s:6:"Export";s:6:"import";s:6:"Import";s:9:"operation";s:10:"Operations";s:10:"privileges
       │ ";s:10:"Privileges";s:8:"routines";s:8:"Routines";s:6:"events";s:6:"Events";s:8:"triggers";s:8:"Triggers";s:
       │ 8:"tracking";s:8:"Tracking";s:8:"designer";s:8:"Designer";s:15:"central_columns";s:15:"Central columns";}}s:
       │ 13:"version_check";a:2:{s:8:"response";s:419:"{
   2   │     "date": "2020-03-21", 
   3   │     "version": "5.0.2", 
   4   │     "releases": [
   5   │         {
   6   │             "date": "2020-03-21", 
   7   │             "php_versions": ">=5.5,<8.0", 
   8   │             "version": "4.9.5", 
   9   │             "mysql_versions": ">=5.5"
  10   │         }, 
  11   │         {
  12   │             "date": "2020-03-21", 
  13   │             "php_versions": ">=7.1,<8.0", 
  14   │             "version": "5.0.2", 
  15   │             "mysql_versions": ">=5.5"
  16   │         }
  17   │     ]
  18   │ }";s:9:"timestamp";i:1590593621;}}git_location|N;is_git_revision|b:0;tmpval|a:4:{s:14:"favoriteTables";a:1:{
       │ i:1;a:0:{}}s:12:"recentTables";a:1:{i:1;a:0:{}}s:18:"table_limit_offset";i:0;s:21:"table_limit_offset_db";s:
       │ 8:"testsite";}ConfigFile1|a:2:{s:7:"Console";a:1:{s:4:"Mode";s:8:"collapse";}s:7:"Servers";a:1:{i:1;a:2:{s:7
       │ :"only_db";s:0:"";s:7:"hide_db";s:0:"";}}}debug|a:0:{}errors|a:0:{}

Possible Users: root, 

PORT    STATE SERVICE       REASON          VERSION
445/tcp open  microsoft-ds? syn-ack ttl 127
|_smb-enum-services: ERROR: Script execution failed (use -d to debug)

Host script results:
|_smb-print-text: false
| smb2-security-mode: 
|   3.1.1: 
|_    Message signing enabled but not required
| smb2-capabilities: 
|   2.0.2: 
|     Distributed File System
|   2.1: 
|     Distributed File System
|     Leasing
|     Multi-credit operations
|   3.0: 
|     Distributed File System
|     Leasing
|     Multi-credit operations
|   3.0.2: 
|     Distributed File System
|     Leasing
|     Multi-credit operations
|   3.1.1: 
|     Distributed File System
|     Leasing
|_    Multi-credit operations
| smb-mbenum: 
|_  ERROR: Failed to connect to browser service: Could not negotiate a connection:SMB: Failed to receive bytes: ERROR
| smb-protocols: 
|   dialects: 
|     2.0.2
|     2.1
|     3.0
|     3.0.2
|_    3.1.1
| smb2-time: 
|   date: 2022-07-15T19:03:57
|_  start_date: N/A
|_smb-vuln-ms10-061: Could not negotiate a connection:SMB: Failed to receive bytes: ERROR

no smb vulns or smb-enum results.

PreviousMSRPCNextmySQL

Last updated