SMB Enumeration

Network scan

nbtscan -r 192.168.1.0/24

Retrieve information

Nmap

nmap --script "safe or smb-enum-*" -p 139,445 <IP>

Enum4Linux

enum4linux-ng -A <IP>
enum4linux-ng -A -u <user> -p <password> <IP>

Enumerate Users & Groups

Crackmapexec

crackmapexec smb <IP> --users [-u <user> -p <password>]
crackmapexec smb <IP> --groups [-u <user> -p <password>]

Shares enumeration

List shares and connect

Smbclient

smbclient -N -L //<IP>
smbclient -N //<IP>/<Folder>
smbclient -U '<username[%password]>' -L //<IP>
smbclient -U '<username[%password]>' //<IP>/<Folder>

Smbmap

smbmap -H <IP> [-P <PORT>]
smbmap -u <username> -p <password> -H <IP> [-P <PORT>]
smbmap [-u <username> -p <password>] -R [<Folder>] -H <IP> [-P <PORT>]

Crackmapexec

crackmapexec smb <IP> -u '' -p '' --shares
crackmapexec smb <IP> -u <username> -p <password> --shares

Mount a shared folder

mount -t cifs //<IP>/share /mnt/share
mount -t cifs -o "username=<username>,password=<password>" //<IP>/share /mnt/share

Download files

smbclient //<IP>/<share>
> mask ""
> recurse
> prompt
> mget *
