Enumerate user accounts through null sessions

A very useful program for this is rpcclient, which comes pre-installed in BackTrack. The tool executes client-side MS-RPC functions and is part of Samba. See the rpcclient manpage.
 

Open up a terminal and execute:

rpcclient -U "" target_ip_address

At the password prompt, just hit Enter.
 

If the connection is successful, you should see an rpcclient prompt.
Type

enumdomusers

to dump a list of user accounts.
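
Added example, not part of the original post: a Python helper for checking whether a host you run still answers this null-session query, by classifying output saved from the enumdomusers command above. The sample outputs are constructed, and the function and field names are assumptions made for illustration.

```python
import re

# Line format printed by enumdomusers: user:[name] rid:[0x1f4]
ENTRY = re.compile(r"user:\[(?P<name>[^\]]*)\]\s+rid:\[(?P<rid>0x[0-9a-fA-F]+)\]")

# Well-known relative IDs (RIDs) that identify built-in accounts.
WELL_KNOWN_RIDS = {500: "built-in Administrator", 501: "built-in Guest", 502: "krbtgt"}

# Constructed sample outputs (not captured from a real host).
EXPOSED_SAMPLE = """\
user:[Administrator] rid:[0x1f4]
user:[Guest] rid:[0x1f5]
user:[jsmith] rid:[0x3e8]
"""
BLOCKED_SAMPLE = "result was NT_STATUS_ACCESS_DENIED\n"


def audit_null_session(output):
    """Classify saved enumdomusers output as exposed, blocked or inconclusive."""
    accounts = []
    denied = False
    for line in output.splitlines():
        match = ENTRY.fullmatch(line.strip())
        if match:
            rid = int(match.group("rid"), 16)
            accounts.append({
                "name": match.group("name"),
                "rid": rid,
                "note": WELL_KNOWN_RIDS.get(rid, ""),
            })
        elif "NT_STATUS_ACCESS_DENIED" in line:
            denied = True
    if accounts:
        verdict = "exposed"       # anonymous caller received the account list
    elif denied:
        verdict = "blocked"       # server refused the anonymous request
    else:
        verdict = "inconclusive"  # empty or unrecognised output
    return {"verdict": verdict, "accounts": accounts}


if __name__ == "__main__":
    for label, sample in (("exposed", EXPOSED_SAMPLE), ("blocked", BLOCKED_SAMPLE)):
        result = audit_null_session(sample)
        print(label, "->", result["verdict"])
        for acct in result["accounts"]:
            print(f"  {acct['name']:<15} rid={acct['rid']:<6} {acct['note']}")
```

An "exposed" verdict means the server handed its account list to an unauthenticated caller; the RID 500 entry is the built-in Administrator account even if it has been renamed.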
