Enumerate anonymous logon
Using a random username and password you can check if the target accepts annonymous logon
Make sure the password is empty
cme smb 10.10.10.178 -u 'a' -p ''
You can also check this behavior with smbclient or rpcclient
smbclient -N -L \\10.10.10.178
rpcclient -N -L 10.10.10.178
Network access: Shares that can be accessed anonymously
docsmsft

Example

Nest machine is a good example of anonymous logon with CrackMapExec
https://www.hackthebox.eu/home/machines/profile/225
www.hackthebox.eu
Copy link