Skip to main content

Enum4Linux

Details

Enum4linux is a tool for enumerating information from Windows and Samba systems. It attempts to offer similar functionality to enum.exe formerly available from www.bindview.com.

It is written in PERL and is basically a wrapper around the Samba tools smbclient, rpclient, net and nmblookup. The samba package is therefore a dependency.

-- https://www.kali.org/tools/enum4linux/ 



When to Use

 You'll know when you've found a domain controller, because it will have several ports open that clearly distinguish it:

PORT     STATE SERVICE
53/tcp   open  domain
88/tcp   open  kerberos-sec
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
389/tcp  open  ldap
445/tcp  open  microsoft-ds
464/tcp  open  kpasswd5
593/tcp  open  http-rpc-epmap
636/tcp  open  ldapssl
3268/tcp open  globalcatLDAP
3269/tcp open  globalcatLDAPssl

Given that enum4linux is a SMB client, you could run it against other hosts where SMB is enabled an enumerate your access levels on hosts other than the domain controller.

 

 

Example Usage

Help Message

enum4linux -h


Dump Information from a Domain Controller

enum4linux -u username -p password -a dc-ip-address

 

Via Proxy Host Using Proxychains

proxychains -q enum4linux -u username -p password -a dc-ip-address

 

Back to top