SMB 139, 445

SAMBA

Help to list commands in smbclient

Enumeration

Auto enum: enum4linux {ip}

smbclient //{ip}/home

Operations

smbclient -U alice --password=aliceishere //127.0.0.1/Users -p 7799

list:
smbclient -L //10.11.1.31
smbclient //10.11.1.31/wwwroot 

**windows use \\
smbclient -U 'hutch.offsec\fmcsorley' \\\\192.168.222.122\\SYSVOL

list:
crackmapexec smb 192.168.222.122 -u fmcsorley -p CrabSharkJellyfish192 --shares

Version

tap0 tun0 interface depends on ip a current lab connection

sudo smbver

#!/bin/sh
#Author: rewardone
#Description:
# Requires root or enough permissions to use tcpdump
# Will listen for the first 7 packets of a null login
# and grab the SMB Version
#Notes:
# Will sometimes not capture or will print multiple
# lines. May need to run a second time for success.
if [ -z $1 ]; then echo "Usage: ./smbver.sh RHOST {RPORT}" && exit; else rhost=$1; fi
if [ ! -z $2 ]; then rport=$2; else rport=139; fi
tcpdump -s0 -n -i tun0 src $rhost and port $rport -A -c 7 2>/dev/null | grep -i "samba\|s.a.m" | tr -d '.' | grep -oP 'UnixSamba.*[0-9a-z]' | tr -d '\n' & echo -n "$rhost: " &
echo "exit" | smbclient -L $rhost 1>/dev/null 2>/dev/null
echo "" && sleep .1

PreviousSMTP 25 NextMSSQL 1433

Last updated 2 years ago

Enumeration

Connect to share

Operations

Version