
139,445 - Pentesting smb

139 - NetBIOS, 445 - SMB

SMB - Server Message Block Protocol - is a client-server communication protocol used for sharing access to files, printers, serial ports and other resources on a network.

nmap

# SMB discovery with nmap. <IP> is a placeholder for a host in the authorised scope;
# replace it before running (left as written, the shell parses <IP> as a redirection).
# -A turns on OS detection, version detection, default scripts and traceroute.
nmap -p 445 -A <IP> 
# List the SMB-related NSE scripts installed under the nmap scripts directory.
ls /usr/share/nmap/scripts/*smb*
# Enumerate users and shares; tee keeps a raw copy of each result on disk.
nmap -p 139,445 --script=smb-enum-users.nse <IP> | tee smb-users.raw.txt
nmap -p 139,445 --script=smb-enum-shares.nse <IP> | tee smb-shares.raw.txt
# NOTE(review): smb-* selects every SMB script, not only the vulnerability checks that
# the output file name suggests. That set includes brute-force and intrusive scripts
# that can lock out accounts or crash a fragile service, so confirm it is in scope.
# Narrowing to smb-vuln-* would match the file name, but still includes checks that
# nmap categorises as intrusive/dos.
nmap -p 139,445 --script=smb-* <IP> | tee smb-vuln.raw.txt

nbtscan

# NetBIOS name scan of a whole /24. 10.11.1.0/24 is the author's example range;
# substitute the authorised scope. -r sends from local port 137, hence sudo.
sudo nbtscan -r 10.11.1.0/24

enum4linux

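# Run enum4linux's combined basic enumeration (-a) against a single host.
# The page wrote $(target), which is Makefile syntax: in a shell it is a command
# substitution that tries to run a program named "target" and leaves the tool with
# no host argument. Set the shell variable first (target=HOST_IN_SCOPE); the :?
# form refuses to run when it is unset or empty.
enum4linux -a "${target:?set target to the in-scope host}"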

crackmapexec

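# Enumerate SMB information with the built-in guest account and an empty password,
# keeping each result in its own file.
# The page wrote $(target), which is Makefile syntax: a shell would try to run a
# command called "target". Use a quoted shell variable (target=HOST_IN_SCOPE) and
# stop early when it is unset or empty.
# Defender view: each line is a network logon as guest. Where any of them returns
# data, disabling the Guest account and restricting anonymous/guest SAM enumeration
# closes it; a --rid-brute run shows up as a burst of sequential RID lookups from
# one source.
: "${target:?set target to the in-scope host}"
crackmapexec smb "$target" -u 'guest' -p '' --users | tee smb.users.txt
crackmapexec smb "$target" -u 'guest' -p '' --shares | tee smb.shares.txt
crackmapexec smb "$target" -u 'guest' -p '' --groups | tee smb.groups.txt
crackmapexec smb "$target" -u 'guest' -p '' --local-groups | tee smb.local-groups.txt
crackmapexec smb "$target" -u 'guest' -p '' --loggedon-users | tee smb.loggedon-user.txt
crackmapexec smb "$target" -u 'guest' -p '' --rid-brute | tee smb.rid.txt
crackmapexec smb "$target" -u 'guest' -p '' --sessions | tee smb.sessions.txt
crackmapexec smb "$target" -u 'guest' -p '' --pass-pol | tee smb.pass-pol.txt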

smbmap

# List the shares on the host and the access level the given domain account has on each.
# NOTE(review): -p puts the password on the command line, where it lands in shell
# history and the process list. The host, account and password here look like lab
# example values — confirm nothing real is recorded on this page.
smbmap -H spookysec.local -d spookysec.local -u svc-admin -p management2005

smbclient

# Connect to a share with smbclient. 11.22.33.44, shares and [share] are placeholders.
# With -U alone, smbclient prompts for the password.
smbclient //11.22.33.44/shares -U 'guest'
# NOTE(review): --password on the command line is visible in shell history and the
# process list; prefer the interactive prompt outside throwaway lab use.
smbclient '\\11.22.33.44\shares' --user='admin' --password='123456'
# --no-pass / -N: do not prompt for a password.
smbclient '\\11.22.33.44\shares' --no-pass
smbclient '\\11.22.33.44\shares' -U 'guest' -N
smbclient '\\11.22.33.44\shares' -U 'guest'
smbclient '\\11.22.33.44\shares\'
# The next line is typed at the smbclient prompt, not in the shell.
get folder
# Non-interactive bulk download: -c runs the quoted smbclient commands, which are meant
# to disable per-file prompting, recurse into directories and fetch everything into
# the current local directory. Check the share size and the engagement's
# data-handling rules before copying a whole share.
smbclient '\\11.22.33.44\[share]' -U 'guest' -N -c 'prompt OFF;recurse ON;  mget *'
# Same, but change into a remote directory (cd) and a local destination (lcd) first.
smbclient '\\11.22.33.44\[share]' -N -c 'prompt OFF;recurse ON;cd "Share\"; lcd "/home/kali/workspace/gatekeeper/smb_dump/Share/"; mget *'
smbclient '\\11.22.33.44\[share]' -N -c 'prompt OFF;recurse ON;cd "Profile\"; lcd "/home/kali/workspace/gatekeeper/smb_dump/Default/"; mget *'

smbget

# Download over SMB without an interactive session; -R recurses into directories.
smbget -R 'smb://11.22.33.44/anonymous/'
# Single-file fetch; -R has nothing to recurse into here.
smbget -R 'smb://11.22.33.44/Users/desktop.ini'