Enumerate Users and Groups via SMB

Living off the Land (LOLBAS)

List all users in a domain group: net group [group name] /domain
List all groups in the current domain net group /domain
List local users who are member of the local administrators group: net localgroup administrators
List local users: net user
List local groups: net localgroup

Other Tools

Enumerate local users with lookupsid.py
lookupsid.py -no-pass hostname.local

Enumerate local users with netexec

netexec smb 10.10.10.10 --users [-u <username> -p <password>]
netexec smb 10.10.10.10 --groups [-u <username> -p <password>]
netexec smb 10.10.10.10 --groups --loggedon-users [-u <username> -p <password>]
netexec smb 10.10.10.10 --rid-brute 10000 [-u <username -p <password>]

Related Notes

All Related Notes

TABLE file.ctime as "Created", tags as "Tags"
FROM "New Notes"
WHERE contains(tags, "smb") OR contains(tags, "windows") OR contains(tags, "enumeration")
SORT file.ctime DESC

smb

TABLE file.ctime as "Created", tags as "Tags"
FROM "New Notes"
WHERE contains(tags, "smb")
SORT file.ctime DESC

windows

TABLE file.ctime as "Created", tags as "Tags"
FROM "New Notes"
WHERE contains(tags, "windows")
SORT file.ctime DESC

enumeration

TABLE file.ctime as "Created", tags as "Tags"
FROM "New Notes"
WHERE contains(tags, "enumeration")
SORT file.ctime DESC

📓 Jorkle's Notes

Explorer

Enumerate Users and Groups via SMB

Living off the Land (LOLBAS)

Other Tools

Graph View

Table of Contents

Backlinks