LAN domain and shares enumeration with Nmbscan

» 13 September 2010 » In Uncategorized »

About:
Nmbscan scans the the shares of a NetBIOS/SMB network. It’s a handy tool when you need to enumerate NMB/SMB/NetBIOS/Windows hostname, IP address, IP hostname, ethernet MAC address, Windows username, NMB/SMB/NetBIOS/Windows domain name, and master browser. This is another indispensable tool for for acquiring information on a local area network for such purposes as security auditing.

http://freshmeat.net/projects/nmbscan/

Disclaimer:
This tools can cause harm to the normal operation of your network/servers if used improperly. Use this tool on your own networks/servers, or networks/servers for which you have been given permission to test. Before using this tools, please read the documentation available.

Installation (ubuntu 10.4):
apt-get install samba smbclient
wget http://packetstormsecurity.org/UNIX/scanners/nmbscan-1.2.6.tar.gz
tar xvfz nmbscan-1.2.6.tar.gz

Usage:
./nmbscan {-d|-m|-a}
-d show all domains
-m show all domains with master browsers
-a show all domains, master browsers, and hosts

./nmbscan {-h|-n} host1 [host2 [...]]
-h show information on hosts, known by ip name/address
-n show information on hosts, known by nmb name

Examples:

Enumerating all the domains:

./nmbscan -d
nmbscan version 1.2.6 – core – Mon Sep 13 10:14:22 UTC 2010
domain LAB
domain WORKGROUP

Enumerating all domains with master browsers:

./nmbscan -a
nmbscan version 1.2.6 – core – Sun Sep 12 21:20:52 UTC 2010
domain WORKGROUP
master-browser CORE 192.168.0.100 -
domain LAB
master-browser WSERVER2003 192.168.0.1 -

Enumerating all domains with master browsers and hosts informations:

./nmbscan -a
nmbscan version 1.2.6 – core – Sun Sep 12 21:27:52 UTC 2010
domain WORKGROUP
master-browser CORE 192.168.0.100 -
domain LAB
master-browser WSERVER2003 192.168.0.1 -
server VMWARE-SERVER
ip-address 192.168.0.2
mac-address 00:0A:5E:53:6B:28
arp-mac-address 00:0A:5E:53:6B:28
server-software Samba 3.0.28a
operating-system Unix
share vmware
share-type Disk
share IPC$
share-type IPC
share-comment IPC Service (Vmware Server 3.0.28a)
server WSERVER2003
ip-address 192.168.0.1
mac-address 00:0C:29:5F:ED:2E
smb-mac-address 00:0C:29:5F:ED:2E
arp-mac-address 00:0C:29:5F:ED:2E
server-software Windows Server 2003 5.2
operating-system Windows Server 2003 3790
share IPC$
share-type IPC
share-comment Remote IPC
share NETLOGON
share-type Disk
share-comment Logon server share
share projects
share-type Disk
share Desktop
share-type Disk
share ADMIN$
share-type Disk
share-comment Remote Admin
share SYSVOL
share-type Disk
share-comment Logon server share
share C$
share-type Disk
share-comment Default share
server SEC
ip-address 192.168.0.28
server-software Samba 3.4.7
operating-system Unix
share IPC$
share-type IPC
share-comment IPC Service (Secure Server 3.4.7)
share finance
share-type Disk
share-comment Corporate finance
share doc
share-type Disk
share-comment Corporate documentation

Did you like this? Share it:
Scridb filter

Tags:

Trackback URL

No Comments on "LAN domain and shares enumeration with Nmbscan"

Hi Stranger, leave a comment:

ALLOWED XHTML TAGS:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Subscribe to Comments