NetBIOS, SMB - 139,445

  • list SMB shares

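# The boolean expression selects every script in nmap's "safe" category plus all
# smb-enum-* scripts, limited to the two SMB ports. The normal-format report is
# written under recon/, which must already exist.
nmap --script "safe or smb-enum-*" -p 139,445 "$IP" -oN recon/nmap.smb_enum
# Authenticated listing with smbmap; -r lists the contents of the shares.
# Single quotes pass the password literally: inside double quotes bash keeps the
# backslash of \! and would send it as part of the password.
# The password is passed in argv, so it ends up in shell history and is visible
# in process listings while the command runs.
smbmap -H return.local -u svc-printer -p '1edFg43012!!' -r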
  • basic enumeration

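# Credentialed enum4linux run; the report is redirected into recon/ (the
# directory must already exist).
enum4linux -avA "$IP" -u user -p pass > recon/enum_4_linux
# Node status query: NetBIOS name table of a single host.
nmblookup -A "$IP"
nbtscan 192.168.10.0/24 # Discover Windows Servers on a subnet
# Authenticated share enumeration. The original line had no target, so nmap
# would exit without scanning anything. Quoting --script-args keeps credentials
# containing spaces or shell metacharacters in a single argument.
nmap --script=smb-enum-shares --script-args "smbusername=$username,smbpassword=$password" -p 139,445 "$IP"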
  • check vulns

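# Quote the pattern so that nmap, not the shell, expands smb-vuln*: zsh aborts
# on an unmatched glob, and bash substitutes any matching file name found in
# the current directory.
# Several smb-vuln-* scripts belong to nmap's intrusive/dos categories and can
# destabilise the SMB service on the scanned host.
nmap --script 'smb-vuln*' -p 139,445 "$IP" -oN recon/nmap.smb_vuln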
  • read shares

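# Anonymous listing of the shares a host exposes (-N: no password prompt).
# A share list returned here means null sessions are accepted by the server.
smbclient -N -L "//$IP"
# Same listing with credentials in user%password form. The password is visible
# in argv; smbclient's -A <authfile> option reads it from a file instead.
smbclient -U 'user%passwd' -L "//$IP"
# Interactive anonymous session on a single share.
smbclient -N "//$IP/share"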
  • download files recursively

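# The original line could not run: the share path was single-quoted, so $IP was
# never expanded, and the nested single quotes left the -c string unterminated.
# Double quotes around the share let $IP expand. The -c script stays in single
# quotes so the shell passes it to smbclient untouched, with directory names
# double-quoted inside it.
# 'prompt OFF' disables the per-file confirmation and 'recurse ON' descends into
# sub-directories. 'mget *' is the transfer step the original line was missing.
smbclient "//$IP/share" -N -c 'prompt OFF; recurse ON; cd "where\from"; lcd "where/to"; mget *'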
