Closed saadjumani closed 7 months ago
Thank you for opening this issue. I will have a look at the issue you're facing. Do you get any error message? Could you post the command here you are using?
I just gave it a try. It works fine for me. These are the results I'm getting:
I'm using this command:
enum4linux-ng.py 10.10.32.96 -R 1000
Unlike enum4linux.pl, enum4linux-ng allows RID cycling to be done in parallel. So here you query 1000 RIDs in one step. It also works for me without this bulk size (just the -R parameter without any number behind it). It just takes longer.
(Be aware that 1000 is a bit of an extreme value; in a real-life pentest I would lower this to 50 or so.)
Btw. you can always use the -v parameter. It will give you some debugging output.
So you must face a different problem. I wonder if this might be a timeout issue.
@saadjumani Could you solve the issue? If there is any issue with the code, I would like to fix it. :)
The only explanation that comes to my mind is that you might have run into a timeout situation due to network latency. The original enum4linux does not set a default timeout for all tools. Instead it relies on the default timeout values of the underlying tools. For tools like smbclient the default timeout is 20 seconds, while enum4linux-ng sets a default timeout of 5 seconds. In case of a timeout issue, you should see error messages like "timed out". Do you see such error messages? The timeout can be increased with the -t parameter. I wonder if it would make sense to increase the default timeout for high-latency network connections.
Will close this for now. Still happy if you want to give feedback. :)
Okay, this could simply be because I, being a noob, am unable to use it properly, but it appears that enum4linux-ng seems to be unable to enumerate users using RID recycling, even with the -R flag used.
I'm following the TryHackMe room titled "Basic Penetration Testing" with a walkthrough from John Hammond, who used the original enum4linux perl script. It worked for him and found a user through RID recycling. I tried it with enum4linux-ng and it didn't work. I found that it doesn't use RID recycling by default, so I tried again with the --R flag. Still didn't find any users.
Then I ran the original perl script (enum4linux.pl) and it found it. Am I doing something wrong or is the RID recycling module of the ng version malfunctioning?
Steps to reproduce:
1) Follow John Hammond's walkthrough on TryHackMe's "Basic Penetration Testing". https://www.youtube.com/watch?v=xl2Xx5YOKcI
2) Try to do what he does at the 14:50 mark, but with enum4linux-ng instead of enum4linux.pl.