445 - Pentesting SMB
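SMB (Server Message Block) is a client-server communication protocol used for sharing access to files, printers, serial ports and other resources on a network. It is served directly on TCP 445 and, over NetBIOS, on TCP 139, which is why the commands below probe both ports.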
nmap
# NOTE(review): in a POSIX shell `$(target)` is command substitution (it runs a
# command named `target`), not a variable. Presumably it is a placeholder or a
# Makefile-style variable; when typing these into a shell, use "$target" instead.

# -A turns on OS detection, version detection, default scripts and traceroute
# against the SMB port only.
nmap -p 445 -A $(target)
# List the SMB-related NSE scripts shipped with the local nmap install, to see
# what is about to be run before running it.
ls /usr/share/nmap/scripts/*smb*
# Account and share enumeration over both SMB transports (139 and 445).
# Against a hardened host (Guest disabled, anonymous SAM/share enumeration
# restricted) these return little or nothing without credentials.
nmap -p 139,445 --script=smb-enum-users.nse $(target)
nmap -p 139,445 --script=smb-enum-shares.nse $(target)
# Runs every script matching smb-vuln-*; the pattern is unquoted, so the shell
# may try to glob it first. Quoting the --script value avoids that.
# NOTE(review): several smb-vuln-* scripts are in nmap's intrusive/dos
# categories and can crash an unpatched service; check each script's
# categories and agree on the scan window before using the wildcard.
# tee keeps a copy of the findings in the current directory; the file names
# vulnerable hosts and should be stored like any other engagement evidence.
nmap -p 139,445 --script=smb-vuln-* $(target) | tee nmap.smb.vuln.txt
enum4linux
# NOTE(review): `$(target)` is shell command substitution, not a variable;
# presumably a placeholder. In a shell, use "$target".
# -S requests the share list only.
enum4linux -S $(target)
# -a runs all of the simple enumeration modes (users, shares, groups,
# password policy, ...). No credentials are given, so the result depends on
# whether the server still answers null sessions; on the server side that is
# governed by the "Network access: Do not allow anonymous enumeration of SAM
# accounts and shares" policy.
enum4linux -a $(target)
crackmapexec
# Every command here authenticates as the built-in 'guest' account with an
# empty password, so the whole block only yields data when Guest is enabled
# on the server. Disabling Guest and restricting anonymous enumeration is the
# corresponding hardening step.
# Detection side: each run is a network logon (Windows Security events
# 4624/4625, logon type 3, account Guest) followed by share or RPC access
# (5140/5145 when file-share auditing is enabled).
# NOTE(review): `$(target)` is shell command substitution, not a variable;
# presumably a placeholder. In a shell, use "$target".
# NOTE(review): crackmapexec is archived upstream; NetExec (`nxc`) is the
# maintained fork and accepts the same options as far as I know. Confirm
# before relying on it.
# Each result is copied with tee into the current directory. The files hold
# account names, group membership and password policy, so handle them as
# sensitive engagement data.

# Domain/local user accounts.
crackmapexec smb $(target) -u 'guest' -p '' --users | tee smb.users.txt
# Shares and the access the guest session has on each.
crackmapexec smb $(target) -u 'guest' -p '' --shares | tee smb.shares.txt
# Domain groups, then local groups.
crackmapexec smb $(target) -u 'guest' -p '' --groups | tee smb.groups.txt
crackmapexec smb $(target) -u 'guest' -p '' --local-groups | tee smb.local-groups.txt
# Users currently logged on to the host (output file name is singular,
# unlike the others: smb.loggedon-user.txt).
crackmapexec smb $(target) -u 'guest' -p '' --loggedon-users | tee smb.loggedon-user.txt
# Enumerates accounts by walking RIDs; this produces a burst of SID lookups
# from one source, which is a usable detection signal.
crackmapexec smb $(target) -u 'guest' -p '' --rid-brute | tee smb.rid.txt
# Active SMB sessions on the host.
crackmapexec smb $(target) -u 'guest' -p '' --sessions | tee smb.sessions.txt
# Password policy (length, lockout threshold, ...). Record the lockout
# threshold: it bounds how many logon attempts are safe per account.
crackmapexec smb $(target) -u 'guest' -p '' --pass-pol | tee smb.pass-pol.txt
smbclient
# Interactive connections to a share. The hosts, share names and the
# credential below are literal example values (presumably from a lab);
# substitute your own.
# NOTE(review): a password passed with --password is visible in the process
# list and is saved in shell history. Prefer letting smbclient prompt for it,
# or use an authentication file (-A) readable only by the current user.
smbclient '\\spookysec.local\backup' --user='svc-admin' --password='management2005'
# Connect without a password (null/anonymous session), forward-slash form.
smbclient //10.10.26.241/shares --no-pass
# Same idea as the guest account; -N suppresses the password prompt.
smbclient '\\10.10.26.241\shares' -U 'guest' -N
# Without -N smbclient prompts for the guest password.
smbclient '\\10.10.26.241\shares' -U 'guest'
# No user given: smbclient uses the local user name and prompts for a
# password. The trailing backslash is literal inside single quotes.
smbclient '\\10.10.176.235\anonymous\'
get files
# -R downloads recursively into the current directory. Run it from a
# dedicated, empty working directory, and treat everything retrieved from the
# share as untrusted content.
smbget -R 'smb://10.10.176.235/anonymous/'
# Here the URL names a single file, so -R (recursion) should not be needed.
smbget -R 'smb://10.10.253.178/Users/desktop.ini'
get folder
# Non-interactive bulk download: -c runs the semicolon-separated smbclient
# commands and exits. `prompt OFF` disables the per-file confirmation,
# `recurse ON` descends into subdirectories and `mget *` fetches everything.
# `[share]` is a placeholder for the share name.
# This form writes into whatever the current local directory is.
smbclient '\\10.10.253.178\[share]' -U 'guest' -N -c 'prompt OFF;recurse ON; mget *'
# Same, but `cd` selects a remote subdirectory and `lcd` the local
# destination.
# NOTE(review): the lcd target presumably has to exist before the command
# runs; create it first and confirm where files go if lcd fails.
smbclient '\\10.10.253.178\[share]' -N -c 'prompt OFF;recurse ON;cd "Share\"; lcd "/home/kali/workspace/gatekeeper/smb_dump/Share/"; mget *'
# NOTE(review): the remote directory is "Profile" but the local one is
# "Default". Confirm the mismatch is intended.
smbclient '\\10.10.253.178\[share]' -N -c 'prompt OFF;recurse ON;cd "Profile\"; lcd "/home/kali/workspace/gatekeeper/smb_dump/Default/"; mget *'