Enumerate null sessions

Checking if Null Session is enabled on the network, can be very useful on a Domain Controller to enumerate users, groups, password policy etc
#~ cme smb -u '' -p ''
#~ cme smb --pass-pol
#~ cme smb --users
#~ cme smb --groups
You can also reproduce this behavior with smbclient or rpcclient
smbclient -N -U "" -L \\
rpcclient -N -U "" -L \\
rpcclient $> enumdomusers
user:[bonclay] rid:[0x46e]
user:[zoro] rid:[0x46f]


Forest or Monteverde machines are good examples to test null session authentication with CrackMapExec