Set the keyboard layout to german in kali
sudo setxkbmap de


enumerate some ports
nmap -p- --min-rate=1000 -T4 trg.com | grep ^[0-9] > p01
cat p01 | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$// > p02
nmap -sC -sV -p$(cat p02) trg.com


– nmap: scan trg.com with at least 1000 packages per second
– grep: take lines starting with 0 to 9 and write them to a file named p01
– output the file port and cut all lines after / and choose the part before
– tr: replace all \n with ,
– sed: remove trailing semicolon and store in file named p02
– nmap: scan target.com collected ports for scripts (sC) and for version (sV)


check sambaservice
smbclient -N -L trg.com
-N: no password
-L: the host to scan

smblient -N trg.com/foldername
connect to a samba folder


check on mssqlserver if you have sysadmin rights
SELECT IS_SRVROLEMEMBER('sysadmin')