Mike edited this page Aug 15, 2019 · 36 revisions

nullinux is an internal penetration testing tool for Linux that identifies and enumerates users, shares, operating system, and domain information via SMB. If no username and password are provided, nullinux attempts to connect to the target using an SMB null session. nullinux acts as a wrapper around the Samba tools, providing formatted output that can be used directly in further exploitation of the network.

  1. Enumerate Multiple Hosts at Once
    nullinux provides several options for enumerating users and shares from multiple hosts. Although this can be completed with other tools using a bash loop, nullinux simplifies this process.

    x=0; until [ "$x" -eq 3 ]; do enum4linux 192.168.1.$x; ((x++)); done
    OR
    nullinux 192.168.1.1,192.168.1.7
  2. Creates a nullinux_users.txt File
    By using the command line argument “-users”, nullinux will attempt to enumerate users through all available options and display the results on screen. nullinux will compile all users collected during enumeration into a single .txt file, free of duplicates. This nullinux_users.txt file can then be used for password spraying or other internal attacks.

    Nullinux can also be limited to non-invasive, shorter techniques for enumerating users through the "-quick" option. This performs a quick enumeration of users, leaving out brute-force options such as known usernames, RID cycling, and enumerating the LSA.

  3. Dynamically Enumerates Shares & Root Directory
    The command line argument “-shares” will attempt to enumerate all available shares on the host and automatically attempt to enumerate the directory of each share found, simplifying what used to be a very manual process. Both “-shares” and “-users” can be run together using the “-all” command line argument.

    nullinux -shares 192.168.1.1
    nullinux 10.0.0.1
  4. Multi-Threaded RID Cycling
    Nullinux will perform RID cycling during the user enumeration process, or as a stand-alone technique, on the target server. This is a multi-threaded process to decrease enumeration time and add functionality to the tool.

     nullinux -users 10.0.1.1
     nullinux -rid -range 500-600 10.0.1.1
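
For defenders, an added example (not part of nullinux or this wiki): RID cycling appears as one source resolving a run of consecutive RIDs under a single domain SID in a short time, and the code below flags that pattern even when threaded lookups arrive out of order. The record shape, thresholds, domain SID and sample data are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, source IP, SID looked up). Assumed shape.
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed domain SID
T0 = datetime(2019, 8, 15, 10, 0, 0)
SAMPLE = (
    # 10.0.1.50 resolves RIDs 500-530 in ~3 s; (i * 7) % 31 scrambles arrival order.
    [(T0 + timedelta(milliseconds=100 * i), "10.0.1.50",
      f"{DOMAIN}-{500 + (i * 7) % 31}") for i in range(31)]
    # 10.0.1.20 resolves a few unrelated SIDs over several minutes.
    + [(T0 + timedelta(minutes=m), "10.0.1.20", f"{DOMAIN}-{rid}")
       for m, rid in [(0, 1104), (2, 513), (5, 1187), (9, 1104)]]
)

def split_sid(sid):
    """Return (domain_sid, rid), or None if the SID has no numeric RID."""
    head, _, tail = sid.rpartition("-")
    return (head, int(tail)) if head and tail.isdigit() else None

def longest_run(sorted_rids):
    """Length of the longest run of consecutive integers in a sorted list."""
    best = run = 1
    for a, b in zip(sorted_rids, sorted_rids[1:]):
        run = run + 1 if b == a + 1 else 1
        best = max(best, run)
    return best

def detect_rid_cycling(records, window=timedelta(seconds=60), min_rids=20, min_run=10):
    """Flag sources resolving many distinct RIDs of one domain, with a long consecutive run."""
    per_source = defaultdict(list)
    for ts, src, sid in records:
        parsed = split_sid(sid)
        if parsed:
            per_source[(src, parsed[0])].append((ts, parsed[1]))
    alerts = []
    for (src, domain), events in per_source.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            # Sort RIDs rather than trusting arrival order: threaded lookups arrive shuffled.
            rids = sorted({rid for _, rid in events[start:end + 1]})
            if len(rids) >= min_rids and longest_run(rids) >= min_run:
                alerts.append({"source": src, "domain": domain, "first_rid": rids[0], "distinct_rids": len(rids)})
                break
    return alerts
```

Tune `window`, `min_rids` and `min_run` against normal lookup volume from domain controllers and management hosts before alerting on the result.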
