Most common readable files on back-end servers or Linux is /etc/passwd and C:\Windows\boot.ini on Windows. ## Tools to Enumerate SMB smbclient, crackmapexec, and smbmap. Example ``` User@VM$ cme smb <TARGET IP> ``` To List Shares ``` User@VM$ cme smb <TARGET IP> --shares -u '' -p '' ``` To above example will look for smb shares with the user set as anonymous and with a blank password. To enter a user or password simply input the characters within the ' ' . To access discovered shares the use of smbclient is particularly helpful. Example ``` User@VM$ smbclient -N //<TARGET IP>//<SHARE> ``` The above example does not specify a user and will therefore defualt to the system user-name. the "-N" flag equates to no password.