Enumerate user accounts through null sessions

A very useful program for this is rpcclient, which comes pre-installed in BackTrack. The tool executes client-side MS-RPC functions and is part of Samba (see the rpcclient manpage).

Open up a terminal and execute:

rpcclient -U "" target_ip_address

At the password prompt, just hit Enter.

If the connection is successful, you should see an rpcclient prompt.


to dump a list of user accounts.
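
On the defending side, whether a null session like the one above returns a user list depends on the server's anonymous-access setting. The following added example (not part of the original page) audits a Samba server's smb.conf for the documented "restrict anonymous" parameter; the function names and the sample configuration are constructed for illustration.

```shell
# Added example: report whether smb.conf still permits anonymous (null
# session) enumeration. Assumption: $1 is the server's effective config.

# Print the "restrict anonymous" value from [global]. Samba ignores case and
# whitespace in section/parameter names; the default when unset is 0.
restrict_anonymous_value() {
    awk '
        BEGIN { val = 0; in_global = 0 }
        /^[ \t]*[#;]/ { next }                    # comment line
        /^[ \t]*\[/ {                             # section header
            name = tolower($0)
            gsub(/[ \t]/, "", name)
            sub(/^\[/, "", name)
            sub(/\].*$/, "", name)
            in_global = (name == "global")
            next
        }
        in_global && index($0, "=") > 0 {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", key)
            if (key == "restrictanonymous") {
                v = substr($0, index($0, "=") + 1)
                gsub(/[ \t\r]/, "", v)
                val = v                           # last occurrence wins
            }
        }
        END { print val }
    ' "$1"
}

# 0 = lists returned to anyone, 1 = user/group lists need authentication,
# 2 = no anonymous connections at all.
audit_null_sessions() {
    case "$(restrict_anonymous_value "$1")" in
        2) echo "OK: anonymous connections refused" ;;
        1) echo "PARTIAL: user/group lists need authentication" ;;
        0) echo "EXPOSED: anonymous user/group enumeration allowed" ;;
        *) echo "UNKNOWN: unrecognised restrict anonymous value" ;;
    esac
}

# Constructed sample configuration, for demonstration only.
sample=$(mktemp)
printf '%s\n' '[Global]' '   workgroup = EXAMPLE' \
    '   ; restrict anonymous = 2' '   Restrict  Anonymous = 0' \
    '[share]' '   restrict anonymous = 2' > "$sample"
audit_null_sessions "$sample"
rm -f "$sample"
```

The commented-out line and the value under [share] are ignored, so the sample is reported as exposed.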