SMB
Try to find hosts on a network:
nbtscan -r <IP CIDR>
cme smb <IP CIDR>
Vulnerability Scan
SMB is a well-beaten-up service. Several well-known vulnerabilities may still be lurking on this target, and a quick vulnerability scan of the service may reveal a quick way in.
sudo nmap -p 139,445 --script vuln <IP>
Attempt to list the shares without authenticating.
smbmap
smbmap -u "" -H <IP>
smbclient
smbclient --no-pass -L //<IP>
crackmapexec
crackmapexec smb <ip> --shares -u 'a' -p '' # anonymous session
crackmapexec smb <ip> --shares -u '' -p '' # null sessions
SMBeagle: writes the names of all files on every share it can access with the given user and password to a CSV.
SMBeagle -c files-on-shares.csv -f -u 'a' -p ''
Attempt to connect to a share without authenticating.
smbclient
smbclient --no-pass //<IP>/<SHARE NAME>
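The unauthenticated listing and connection checks above only succeed when the server permits guest or null sessions. As an added example (not from the original page), this Python script audits a Samba smb.conf for the settings that allow them; it assumes the server runs Samba, and the sample configuration, share names and paths are constructed.

```python
import re

# Constructed sample smb.conf; share names and paths are hypothetical.
SAMPLE_SMB_CONF = """
[global]
   workgroup = NORTH
   map to guest = Bad User

[public]
   path = /srv/public
   Guest OK = yes
   read only = no

[finance]
   path = /srv/finance
   valid users = @finance
"""

YES = {"yes", "true", "1"}  # boolean spellings documented in smb.conf(5)

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lowercased, whitespace removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            current["".join(key.lower().split())] = value.strip()
    return sections

def audit_anonymous_access(text):
    """List (section, issue) pairs for settings that allow unauthenticated SMB access."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    if glob.get("maptoguest", "never").lower() != "never":
        findings.append(("global", "map to guest"))  # failed logons become guest
    if glob.get("restrictanonymous", "0") == "0":  # Samba default is 0
        findings.append(("global", "restrict anonymous"))
    for name, params in conf.items():
        if name == "global":
            continue
        guest = params.get("guestok", params.get("public", "no")).lower() in YES
        writable = (params.get("readonly", "yes").lower() not in YES
                    or params.get("writable", params.get("writeable", "no")).lower() in YES)
        if guest:
            findings.append((name, "guest-writable share" if writable else "guest-readable share"))
    return findings
```

The audit reads share-level settings only; a guest default set in [global] and inherited by every share is not followed.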
User Enumeration
net rpc group members 'Domain Users' -W 'NORTH' -I '<IP>' -U '%'