Enumerating SMB sessions
SMB sessions reflect people connected to file shares or making RPC calls and they can provide invaluable information to profile users and machines. The SMB session information includes usernames, origin IP addresses, and even idle time. Because this information can be used to launch other attacks, listing SMB sessions remotely can be handy during the information-gathering phase.
This recipe shows how to enumerate SMB sessions of Windows machines with Nmap.
How to do it...
Open your terminal and enter the following Nmap command to enumerate the current SMB sessions on a target:
$ nmap -p445 --script smb-enum-sessions <target>
Local users on the system will be listed, as well as the SMB connections detected:
Host script results: |Â Â Â Â Â smb-enum-sessions: |Â Â Â Â Â Users logged in: |Â Â Â Â Â |Â Â Â Â MATRIX\Administrator since 2017-01-12 12:03:20 |Â &...