SMB - 139, 445
Server Connection
smbmap
$ smbmap -H $ip
$ smbmap -u <user> -H $ip
smbclient
$ smbclient -L $ip
$ smbclient -N -L //10.10.10.4
Scanning Vul
$ ls -l /usr/share/nmap/scripts/smb*
$ nmap -p 139,445 --script smb-vul* $ip
SMB Enum
Guess Server's Version
$ nmap -A 10.10.10.4
$ nmap -p 139,445 $ip --script-args=unsafe=1 --script /usr/share/nmap/scripts/smb-os-discovery
Mount Access
$ mount -t cifs -o user=USERNAME,sec=ntlm,dir_mode=0077 "//ip/My Share" /mnt/cifs
$ mount -o nolock $ip:/home ~/home/
-rwx------ 1 1014 1014 48 Jun 10 09:16 creds.txt
$ sudo adduser pwn
$ sudo sed -i -e 's/1001/1014/g' /etc/passwd
$ su pwn
$ cat creds.txt
smbclient
$ smbclient //ip/tmp
$ smbclient \\\\ip\\ipc$ -U john
$ smbclient //ip/ipc$ -U john
nbtscan
$ nbtscan -r $ip
Enum4linux
$ enum4linux -a $ip
rpcclient
$ rpcclient -U "" $ip
SMB Common Commands
$ srvinfo
$ enumdomusers
$ getdompwinfo
$ querydominfo
$ netshareenum
$ netshareenumall