During an internal assessment, you have found multiple Windows servers exposing TCP ports 135, 139, and 445. Following a typical enumeration workflow, what technique should you attempt next if your goal is to obtain a list of local user and group accounts without supplying any credentials?
Launch an XMAS TCP scan against port 139 to infer firewall rule sets
Send a DNS zone-transfer (AXFR) request over TCP 53 to retrieve host records
Issue an SNMP GET request for OID 1.3.6.1.2.1.1.5.0 to collect device information
Create an anonymous (null) SMB session on TCP 445 and query the \PIPE\samr interface to enumerate the Security Accounts Manager database
If anonymous (null) sessions are permitted, a tester can connect to the IPC$ share over TCP 445 or 139 and bind to the \PIPE\samr (or \PIPE\lsarpc) named pipe. Using tools such as rpcclient or enum.exe, the assessor can issue SAMR or LSA queries that return local user and group names even when no credentials are provided. An XMAS scan only manipulates TCP flags to detect port states, SNMP OID requests reveal device identification data, and DNS zone-transfer requests dump DNS records-not Windows account information.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an anonymous (null) SMB session?
Open an interactive chat with Bash
What is the purpose of the \PIPE\samr interface?
Open an interactive chat with Bash
How does rpcclient help in SMB enumeration?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Reconnaissance Techniques
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .