3. Null Session SMB Enumeration

Now we are trying to enumerate SMB shares using a null session — which means trying to access the SMB service without any username or password. This is useful when the server is misconfigured and allows anonymous access.

✅ Method 1: Using `smbclient`

smbclient -NL //192.168.10.4

Explanation:

-N → No password prompt (null session)
-L → List available SMB shares on the target
//IP → Target IP in UNC format

🔍 Look for:

IPC$ → Named pipes (usually always there)
NETLOGON, SYSVOL, Users → Might contain useful data in domain environments

I tried method 1 but it didn't work :

So let's head to method 2.

✅ Method 2: Using `netexec` (formerly `crackmapexec`)

netexec smb 192.168.10.4 -u '' -p '' --shares

Explanation:

-u '' → Empty username
-p '' → Empty password
--shares → Tells the tool to enumerate shared folders

✅ Now you successfully connected to the SMB service using a null session (no username/password).

[*] Windows 10 / Server 2019 Build 17763 x64 This confirms the target is likely a Windows Server 2019, in the megachange.nyx domain.

❌ But... Access Denied

[-] Error enumerating shares: STATUS_ACCESS_DENIED

This means anonymous access is not allowed to list SMB shares. The server requires authentication to view them.

🔐 If Access Denied?

We have to try valid credentials later:

netexec smb 192.168.10.4 -u USERNAME -p PASSWORD --shares

It doesn't matter to login now, all we need is the FQDN : megachange.nyx

Previous2. Service and Version Detection Next4. LDAP Anonymous Bind Check

Last updated 1 month ago

✅ Method 1: Using smbclient

✅ Method 2: Using netexec (formerly crackmapexec)

❌ But... Access Denied

🔐 If Access Denied?

✅ Method 1: Using `smbclient`

✅ Method 2: Using `netexec` (formerly `crackmapexec`)