In this section, we are going to take a look at using various application protocols to help us extract sensitive data and records from a target system.
SMB, LDAP enumeration, and null sessions
SMBmap and SMBclient
SMBmap is a popular and easy-to-use tool that is used to help us discover any SMB shares on a device and detect permissions on any shares found:
- Using the smbmap -H target syntax, we can attempt to perform a port scan, looking for ports that are used by the SMB service; in our target, it's 445 and it's open:
![](https://static.packt-cdn.com/products/9781789611809/graphics/assets/481ba446-50dd-486d-bbbf-d484989bb080.png)
SMB shares
- SMBmap will attempt to establish a session between the attacker machine and the target on port 445 to enumerate any share drives and folders. On our target (Metasploitable), there&apos...