Most information you can get from SMB is using a linux tool called RPCClient.

To Establish a session

rpcclient -U username server

From here you can run many useful commands to gather info in preparation for an attack

enumdomusers – shows users defined locally on the machine. Shows domain users the system knows about

enumalsgroups – this shows groups defined on the box.

lsaenumsid – shows the Security Identifier (SID) for all users defined locally on the target windows machine

lookupnames – this lets you see the SID for a username you providethe username provided

lookupsids – this will convert an SID into a username on the target machine

srvinfo – shows version of the target machine


SMBclient is used for enumeration. RPCClient will collect info on a host to prepare for an attack