NetBIOS, SMB - 139,445

list SMB shares

nmap --script "safe or smb-enum-*" -p 139,445 $IP -oN recon/nmap.smb_enum
smbmap -H return.local -u svc-printer -p "1edFg43012\!\!" -r

basic enumeration

enum4linux -avA $IP -u user -p pass > recon/enum_4_linux
nmblookup -A $IP
nbtscan 192.168.10.0/24 # Discover Windows Servers on a subnet
nmap --script=smb-enum-shares --script-args smbusername=$username,smbpassword=$password -p 139,445

check vulns

nmap --script smb-vuln* -p 139,445 $IP -oN recon/nmap.smb_vuln

read shares

smbclient -N -L \\\\$IP
smbclient -U 'user%passwd' -L //$IP
smbclient -N //$IP/share

download files recursively

smbclient '\\\\$IP\\share' -N -c 'prompt OFF ; recurse ON ; cd 'where\from' ; lcd 'where/to'

PreviousDNS-53 NextSNMP-161

Last updated 1 year ago

NetBIOS, SMB - 139,445

list SMB shares

nmap --script "safe or smb-enum-*" -p 139,445 $IP -oN recon/nmap.smb_enum
smbmap -H return.local -u svc-printer -p "1edFg43012\!\!" -r

basic enumeration

enum4linux -avA $IP -u user -p pass > recon/enum_4_linux
nmblookup -A $IP
nbtscan 192.168.10.0/24 # Discover Windows Servers on a subnet
nmap --script=smb-enum-shares --script-args smbusername=$username,smbpassword=$password -p 139,445

check vulns

nmap --script smb-vuln* -p 139,445 $IP -oN recon/nmap.smb_vuln

read shares

smbclient -N -L \\\\$IP
smbclient -U 'user%passwd' -L //$IP
smbclient -N //$IP/share

download files recursively

smbclient '\\\\$IP\\share' -N -c 'prompt OFF ; recurse ON ; cd 'where\from' ; lcd 'where/to'

PreviousDNS-53 NextSNMP-161

Last updated 1 year ago