- Do an nmblookup (similar to nbtstat)
enum4linux -n <TARGET IP>
- After finding if target is using type 20 we check the password policy
enum4linux -P <TARGET IP>
- Enumerate the shares
enum4linux -S <TARGET IP>
- If we dont get enough information we can bruteforce the shares
enum4linux -s /usr/share/enum4linux/share-list.txt <TARGET IP>
- We can run all previous commands with the following
enum4linux -a <TARGET IP>