SMB Enum

CheckList

  • Run enum4linux

  • Check version, null session.

  • Check share drives

  • If you gain access to the file system, proceed as for the FTP attacks.

SMB Vulnerability Scan

nmap -p 445 -vv --script=smb-enum-shares.nse,smb-ls.nse,smb-enum-users.nse,smb-mbenum.nse,smb-os-discovery.nse,smb-security-mode.nse,smb-vuln-cve2009-3103.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-regsvc-dos.nse 10.10.10.10

Enumerate users and shares

nmap -p 445 --script=smb-enum-shares.nse,smb-enum-users.nse 10.10.10.10
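
Added example, not part of the original page: a small shell function that reduces the output of the smb-enum-shares and smb-security-mode scripts used above to one line per finding (shares that grant access to an anonymous session, and disabled message signing). The function names and the sample scan text are constructed for illustration.

```shell
# Added example (not from the page): read nmap normal output on stdin
# and print one line per SMB finding.
smb_findings() {
  awk '
    # New host block: remember the address (last field, parentheses stripped).
    /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host); share = ""; next }

    # smb-enum-shares prints each share as a UNC path line ending in ":".
    index($0, "\\\\") > 0 {
      n = split($0, part, "\\\\")
      share = part[n]
      sub(/:[ ]*$/, "", share)
      next
    }

    # Access granted to an unauthenticated (null) session on that share.
    /Anonymous access:/ {
      val = $0
      sub(/^.*Anonymous access:[ ]*/, "", val)
      sub(/[ ]*$/, "", val)
      if (val != "" && val != "<none>")
        print host, share, "anonymous=" val
      next
    }

    # smb-security-mode: signing disabled means packets are not integrity-protected.
    /message_signing:[ ]*disabled/ { print host, "-", "signing=disabled" }
  '
}

# Constructed sample in the layout the two scripts print; not a real scan.
sample_scan() {
  cat <<'EOF'
Nmap scan report for 10.10.10.10
| smb-enum-shares:
|   account_used: <blank>
|   \\10.10.10.10\IPC$:
|     Anonymous access: READ
|   \\10.10.10.10\backup:
|     Path: C:\backup
|     Anonymous access: <none>
|   \\10.10.10.10\tmp:
|_    Anonymous access: READ/WRITE
| smb-security-mode:
|_  message_signing: disabled (dangerous, but default)
EOF
}

sample_scan | smb_findings
```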

SMB Connect share

smbclient //IP_ADDRESS/share
smbclient //IP_ADDRESS/tmp
smbclient \\\\IP_ADDRESS\\ipc -U username_here
smbclient //IP_ADDRESS/ipc -U username_here  
smbclient -U '.' -L IP_ADDRESS
smbclient -U 'guest' -L IP_ADDRESS

Anonymous login:
smbclient //IP_ADDRESS/anonymous

Download file:
smbget -R smb://IP_ADDRESS/anonymous

List Shares

Enum4Linux

Enum4Linux enumerate users

Null Connect

NBTscan

Mount Share

CrackMapExec

SMBmap Connect
