A penetration tester needs to locate valuable data stored in a shared folder on a Windows host, but PowerShell Remoting and other remote-management utilities are blocked. Which approach best identifies the SMB shares that are accessible on the target so the tester can proceed with reconnaissance?
Send ICMP echo requests to every host and track which ones respond
Run the net view \hostname command to enumerate shared folders
Pull event and audit logs from a domain controller to look for share names
Launch an interactive shell on the target and run discovery scripts
The native Windows command net view lists every share that a specified computer exposes over SMB, giving the tester an immediate inventory of available file repositories even when other remote-management channels are unavailable. Opening an interactive shell does not automatically enumerate shares, collecting domain-controller logs rarely yields a comprehensive list of active shares, and ICMP pings only reveal live hosts-not the folders they export.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a built-in command to map remote folders on Windows?
Open an interactive chat with Bash
How does `net use` help in reconnaissance during a penetration test?
Open an interactive chat with Bash
What are the limitations of using built-in Windows commands like `net use` for reconnaissance?