Academy SMB footprinting (module/112/section/1067)


On the last 2 questions I’m struggling:

  1. Find additional information about the specific share we found previously and submit the customized version of that specific share as the answer.
  2. What is the full system path of that specific share?

I tried smbclient, rpcclient, nmap and enum4linux-ng on the target. I couldn’t find “additional information” that could lead to a “customized version of that specific share”. Maybe I don’t get the question… With the help of enum4linux-ng I found out that there are 2 possibilities to log in - as an anonymous user and as “xxxx” user with pas “”.

I tried to log in as that user (the name changes with every ip refresh) with no pass (as described) and it doesn’t work.

rpcclient -U xxxx ‘ip address’

rpcclient -U frmfmxzo
Enter WORKGROUP\frmfmxzo’s password:
Bad SMB2 signature for message
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 … …
[0000] CE F5 68 A0 FB AF DD 5E BC 7D EB 95 75 1B 43 22 …h…^ .}…u.C"

If anybody can help me understand the last 2 questions, I would be grateful.
Thank you!

It was SOLVED.

I am having the same issue. How did you solved it?


pcclient $> netsharegetinfo sambashare
netname: sambashare
remark: InFreight SMB v3.1
path: C:\home\sambauser
type: 0x0
perms: 0
max_uses: -1
num_uses: 1
the answer is InFreight SMB v3.1

1 Like

for the systempath:

Thank you