NetBIOS and Null Session

nmap -sS -p 135 <target>
Probes NetBIOS info of machine:
nbtscan -v <target>
Displays system shares information:
nmblookup -A <target>
Lists all shared shares of target:
smbclient -L <target>
Enumerates information on target Windows system (shares, users, etc):
enum4linux -a <target>
Attempts to access a shared resources with no credentials (null session):
smbclient \\\\<target>\\<share> -N
Attempt to connect to RPC service with no credentials:
rpcclient -N -U "" <target>
Attempts to bruteforce SMB credentials with nmap:
nmap --script=smb-brute <target>

SNMP Enumeration

Enumerates SNMP info of the given target:
snmpwalk -c <c_string> -v <version> <target>
Attempts to brute force SNMP community string:
nmap -sU -p 161 --script=snmp-brute <target>
Enumerate users:
nmap -sU -p 161 --script snmp-win32-users <target>
Lists all SNMP-related nmap scripts:
ls -l /usr/share/nmap/script | grep -i snmp
Obtains SNMP info at specified OID:
snmpwalk -c <c_string> -v <version> <target> <OID>
Changes the SNMP information at specified OID:
snmpset -c <c_string> -v <version> <target> <OID> <value_type> <value>
Onesixtyone brute force:
echo public > community
echo private >> community
echo manager >> community
onesixtyone -c community <target>
Enumerate system processes:
snmpwalk -c <community string> -<version> <target>
Enumerate running programs:
snmpwalk -c <community string> -<version> <target>
Enumerate processes path:
snmpwalk -c <community string> -<version> <target>
Enumerate storage units:
snmpwalk -c <community string> -<version> <target>
Enumerate software name:
snmpwalk -c <community string> -<version> <target>
Enumerate user accounts:
snmpwalk -c <community string> -<version> <target>
Enumerate tcp local ports:
snmpwalk -c <community string> -<version> <target>

SNMP and Metaespoit

msf > use auxiliary/scanner/snmp/snmp_login
msf > set PASSWORD public
msf > set RHOSTS file:snmp.txt
msf > set THREADS 25
msf > set VERBOSE false
msf > set VERSION 2c
msf > run

NFS Enumeration

Discover rpcbind:
$ sudo nmap -sV --script rpcinfo -p111
Run Nmap scripts:
$ sudo nmap -sV --script 'nfs*' -p2049


$ showmount -e
$ sudo mount -v -t nfs -o vers=3 -o nolock -o user=snovvcrash,pass='Passw0rd!' /mnt/nfs