diff --git a/README.md b/README.md index 8690ad7..3a334dd 100644 --- a/README.md +++ b/README.md @@ -44,13 +44,17 @@ If you use the tool: Don't use it for illegal purposes. ## Run An example run could look like that: -```$ enum4linux-ng.py -As -oY out``` +```console +enum4linux-ng.py -As -oY out +``` ### Demo #### Windows Server 2012 R2 This demonstrates a run against Windows Server 2012 R2 standard installation. The following command is being used: -```enum4linux-ng.py 192.168.125.131 -u Tester -p 'Start123!' -oY out``` +```console +enum4linux-ng.py 192.168.125.131 -u Tester -p 'Start123!' -oY out +``` A user 'Tester' with password 'Start123!' was created. Firewall access was allowed. Once the enumeration is finished, I scroll up so that the results become more clear. Since no other enumeration option is specified, the tool will assume ```-A``` which behaves similar to enum4linux ```-a``` option. User and password are passed in. The ```-oY``` option will export all enumerated data as YAML file for further processing in ```out.yaml```. The tool automatically detects at the beginning that LDAP is not running on the remote host. It will therefore skip any further LDAP checks which would normally be part of the default enumeration. 
@@ -59,14 +63,16 @@ A user 'Tester' with password 'Start123!' was created. Firewall access was allow #### Metasploitable 2 The second demo shows a run against Metasploitable 2. The following command is being used: -```enum4linux-ng.py 192.168.125.145 -A -C``` +```console +enum4linux-ng.py 192.168.125.145 -A -C +``` This time the ```-A``` and ```-C``` option are used. While the first one behaves similar to enum4linux ```-a``` option, the second one will enable enumeration of services. This time no credentials were provided. The tool automatically detects that it needs to use SMBv1. No YAML or JSON file is being written. Again I scroll up so that the results become more clear. ![Demo](https://github.com/cddmp/misc/blob/master/screencasts/enum4linux-ng/demo2.gif) ### Usage -``` +```console usage: enum4linux-ng.py [-h] [-A] [-As] [-U] [-G] [-Gm] [-S] [-C] [-P] [-O] [-L] [-I] [-R [BULK_SIZE]] [-N] [-w DOMAIN] [-u USER] [-p PW | -K TICKET_FILE | -H NTHASH] [--local-auth] [-d] [-k USERS] [-r RANGES] [-s SHARES_FILE] [-t TIMEOUT] [-v] [--keep] [-oJ OUT_JSON_FILE | -oY OUT_YAML_FILE | -oA OUT_FILE] @@ -121,18 +127,18 @@ There are multiple ways to install the tool. Either the tool comes as a package ### Kali Linux ```console -# apt install enum4linux-ng +apt install enum4linux-ng ``` ### Archstrike ```console -# pacman -S enum4linux-ng +pacman -S enum4linux-ng ``` ### NixOS (tested on NixOS 20.9) ```console -$ nix-env -iA nixos.enum4linux-ng +nix-env -iA nixos.enum4linux-ng ``` ## Manual Installation 
@@ -162,20 +168,20 @@ For all distribution examples below, LibYAML is already a dependency of the corr #### ArchLinux ```console -# pacman -S smbclient python-ldap3 python-yaml impacket +pacman -S smbclient python-ldap3 python-yaml impacket ``` #### Fedora/CentOS/RHEL (tested on Fedora Workstation 31) ```console -# dnf install samba-common-tools samba-client python3-ldap3 python3-pyyaml python3-impacket +dnf install samba-common-tools samba-client python3-ldap3 python3-pyyaml python3-impacket ``` #### Debian/Ubuntu/Linux Mint (For Ubuntu 18.04 or below use the Docker or Python virtual environment variant) ```console -# apt install smbclient python3-ldap3 python3-yaml python3-impacket +apt install smbclient python3-ldap3 python3-yaml python3-impacket ``` ### Linux distribution-agnostic 
@@ -183,41 +189,43 @@ For all distribution examples below, LibYAML is already a dependency of the corr Depending on the Linux distribution either `pip3` or `pip` is needed: ```console -$ pip install pyyaml ldap3 impacket +pip install pyyaml ldap3 impacket ``` Alternative: ```console -$ pip install -r requirements.txt +pip install -r requirements.txt ``` Remember you need to still install the samba tools as mentioned above. #### Python virtual environment ```console -$ git clone https://github.com/cddmp/enum4linux-ng -$ cd enum4linux-ng -$ python3 -m venv venv -$ source venv/bin/activate -$ pip install wheel -$ pip install -r requirements.txt +git clone https://github.com/cddmp/enum4linux-ng +cd enum4linux-ng +python3 -m venv venv +source venv/bin/activate +pip install wheel +pip install -r requirements.txt ``` Then run via: -```python3 enum4linux-ng.py -As ``` +```console +python3 enum4linux-ng.py -As +``` Remember you need to still install the samba tools as mentioned above. In addition, make sure you run ```source venv/bin/activate``` everytime you spawn a new shell. Otherwise the wrong Python interpreter with the wrong libraries will be used (your system one rather than the virtual environment one). #### Docker ```console -$ git clone https://github.com/cddmp/enum4linux-ng -$ cd enum4linux-ng -$ docker build . --tag enum4linux-ng +git clone https://github.com/cddmp/enum4linux-ng +cd enum4linux-ng +docker build . --tag enum4linux-ng ``` Once finished an example run could look like this: ```console -$ docker run -t enum4linux-ng -As +docker run -t enum4linux-ng -As ``` ## Contribution and Support Occassionally, the tool will spit out error messages like this:
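Review bot: In the `@@ -44,13 +44,17 @@` hunk (and every other block this patch touches), the fences are tagged `console` while the `$` prompt is dropped. Shell-session highlighting treats a line as a command only when it starts with a prompt, so a bare `enum4linux-ng.py -As -oY out` is rendered as program output. Either keep the prompt with `console`, or tag the copy-pasteable blocks `bash`/`sh` and reserve `console` for blocks that really are output, such as the usage text in the `@@ -59,14 +63,16 @@` hunk.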
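Review bot: In the `@@ -121,18 +127,18 @@` hunk, removing the `#` prompt from `apt install enum4linux-ng` and `pacman -S enum4linux-ng` also removes the only indication that these commands need root, while `nix-env -iA nixos.enum4linux-ng` (previously `$`) does not. Please carry that information another way, for example with an explicit `sudo` prefix or a one-line "run as root" remark above the Kali and Archstrike blocks.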
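Review bot: In the `@@ -162,20 +168,20 @@` hunk, the `pacman -S`, `dnf install` and `apt install` dependency lines lose their `#` marker and now look identical to the `pip install` lines in the following section, which were marked `$` (unprivileged) before this patch. A reader can no longer tell which steps are meant to be run as root and which are not; prefixing the three distribution commands with `sudo` would keep that distinction visible after the prompts are gone.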
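Review bot: In the `@@ -183,41 +189,43 @@` hunk, the new run examples `python3 enum4linux-ng.py -As` and `docker run -t enum4linux-ng -As` pass no host, unlike the demo commands earlier in the README, which give an IP address. The removed inline form had a trailing space after `-As`, which suggests a target placeholder was meant to follow. If so, please write it in a form that survives rendering (for example an escaped `<target>`), and do the same for `enum4linux-ng.py -As -oY out` in the Run section. While touching this hunk, the context lines also carry two typos worth fixing: "everytime" and "Occassionally".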