Smbclient
Smbclient lets you enumerate SMB shares quickly and without making too much noise.
Listing shares:
    smbclient -L //<ip>                                 # -L == list shares
    smbclient -U "<username>" -L //<ip> "<password>"    # try -U "guest", "" or "anonymous"
Connecting to shares:
    smbclient -U "<username>" //<ip>/<share> "<password>"
    smbclient -U "" //<ip>/<share> -c 'recurse;ls' " " > smbdirs    # show files on share
Smbmap
Listing shares:
    smbmap -H <ip>    # -H == host
    smbmap -H <ip> -u "<username>" -p "<password>"
Executing commands:
    smbmap -H <ip> -u "<username>" -p "<password>" -x "cmd-command to execute"
    smbmap -H <ip> -u "<username>" -p "<password>" -X "ps-command to execute"
Enum4linux
This isn't really manual anymore and is very noisy, but it combines a bunch of tools to get workgroups, shares, permissions …
    enum4linux <ip> -u "<username>" -p "<password>" > enum4linux.txt
Smbcacls
This one lets you check ACLs.
    smbcacls //<ip>/<share> /<dir> -U <user>%<password>
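As an added example (not from the original page), this POSIX shell function reads saved smbcacls output and prints the ALLOWED entries that give broad groups write, delete or permission-change rights, the kind of over-permissive ACL worth tightening. The function names, the list of broad principals and the sample ACL are assumptions constructed for illustration.

```sh
# Added example: flag ACEs in smbcacls output that let broad groups modify a path.
# Bits: FILE_WRITE_DATA, FILE_APPEND_DATA, DELETE, WRITE_DAC, WRITE_OWNER,
# GENERIC_ALL, GENERIC_WRITE.
WRITE_BITS=0x500D0006
broad_write_aces() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ACL:*) ;; *) continue ;; esac
        rest=${line#ACL:}
        who=${rest%:*}      # principal (name or SID)
        ace=${rest##*:}     # type/flags/mask
        type=${ace%%/*}
        mask=${ace##*/}
        # Only ALLOWED entries grant access (0 in numeric output).
        case $type in ALLOWED|0) ;; *) continue ;; esac
        # Principals covering most or all users (assumed list; extend per site).
        case $who in
            Everyone|S-1-1-0|*\\Authenticated\ Users|S-1-5-11) ;;
            *\\Users|S-1-5-32-545|*\\Domain\ Users) ;;
            *\\ANONYMOUS\ LOGON|S-1-5-7|*\\Guests|*\\Guest) ;;
            *) continue ;;
        esac
        case $mask in
            READ) continue ;;
            FULL|CHANGE) ;;
            0x*) # accept strict hex only before doing arithmetic on it
                 case ${mask#0x} in ''|*[!0-9a-fA-F]*) continue ;; esac
                 [ $(( $mask & $WRITE_BITS )) -ne 0 ] || continue ;;
            *[WDPO]*) ;;    # letter masks: W write, D delete, P perms, O owner
            *) continue ;;
        esac
        printf '%s\t%s\n' "$who" "$mask"
    done
    return 0
}
# Constructed sample of smbcacls output (not captured from a real host).
sample_acl() {
cat <<'EOF'
OWNER:BUILTIN\Administrators
GROUP:CORP\Domain Users
ACL:BUILTIN\Administrators:ALLOWED/OI|CI/FULL
ACL:Everyone:ALLOWED/OI|CI/READ
ACL:CORP\Domain Users:ALLOWED/OI|CI/CHANGE
ACL:NT AUTHORITY\Authenticated Users:ALLOWED/0x0/0x001301bf
ACL:BUILTIN\Users:ALLOWED/OI|CI/RX
ACL:Everyone:DENIED/0x0/W
EOF
}
sample_acl | broad_write_aces
```

To audit a real path, redirect the smbcacls command above to a file and feed that file to `broad_write_aces` on stdin.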
Important Articles
ACL stuff. microsoft.com
Enum-tools. hackingarticles.in
Dropping scf files on smb shares. pentestlab.blog
About NTLM. visualitynq.com