⚠️ Pracivo Security Lab — Practice Nmap scanning, FTP anonymous login, SMB null sessions. Target: 127.0.0.1 or 192.168.x.x range (simulated).
> SMB Shares — dc01.corp.local (192.168.1.10)
| Share Path | Type | Comment | Access |
| \\192.168.1.10\ADMIN$ |
Disk |
Remote Admin |
restricted |
| \\192.168.1.10\C$ |
Disk |
Default share |
restricted |
| \\192.168.1.10\IPC$ |
IPC |
Remote IPC (null session) |
OPEN |
| \\192.168.1.10\Public |
Disk |
Company public files |
OPEN |
| \\192.168.1.10\IT_Backups |
Disk |
IT department backups |
OPEN |
| \\192.168.1.10\HR_Confidential |
Disk |
HR files — should be restricted |
OPEN |
# Enumerate SMB shares (null session)
smbclient -L //127.0.0.1 -N
# Access a share
smbclient //127.0.0.1/Public -N
# Use CrackMapExec
crackmapexec smb 127.0.0.1 --shares
# Enumerate with enum4linux
enum4linux -a 127.0.0.1
# Nmap SMB scripts
nmap --script smb-enum-shares -p 445 127.0.0.1