Pentest Tips

SMB Enumeration

Enum4Linux

Run all the basic enumeration checks at once:

enum4linux -a <ip>

Authenticated scan:

enum4linux -u <username> -p <password> -U <ip>

Verbose mode:

enum4linux -v <ip>

NMAP

Shares and users:

nmap -p445 --script=smb-enum-shares.nse,smb-enum-users.nse <ip>

Run all SMB enumeration scripts:

nmap --script="smb-enum-*" <ip>

SMB vuln scan:

nmap --script "smb-vuln*" <ip>
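
Added example (not part of the original page): a filter over the output of the `smb-enum-shares.nse` scan in this section that keeps only the shares reachable without credentials, which are the ones to review and lock down first. The function names `anon_shares` and `sample_output` and the sample scan output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Filters `nmap --script=smb-enum-shares.nse` output down to
# the shares that answer without credentials, so they can be reviewed and
# locked down. Function names and the sample scan output are constructed.

# stdin: nmap script output; stdout: "<share>\t<type>\t<anonymous access>"
anon_shares() {
    awk '
        # Drop the "|" / "|_" gutter nmap prints before script output,
        # plus trailing whitespace or CR.
        { sub(/^[|]_? */, ""); sub(/[ \t\r]+$/, "") }
        # A share header has the form \\host\share:
        /^\\\\.*:$/ { share = substr($0, 1, length($0) - 1); type = "?"; next }
        /^Type: / { type = substr($0, 7); next }
        /^Anonymous access: / {
            access = substr($0, 19)
            if (share != "" && access != "<none>")
                printf "%s\t%s\t%s\n", share, type, access
        }
    '
}

# Constructed sample of smb-enum-shares output (192.0.2.10 is a
# documentation address, not a real host).
sample_output() {
    cat <<'EOF'
Host script results:
| smb-enum-shares:
|   account_used: guest
|   \\192.0.2.10\IPC$:
|     Type: STYPE_IPC_HIDDEN
|     Anonymous access: READ/WRITE
|     Current user access: READ/WRITE
|   \\192.0.2.10\backups:
|     Type: STYPE_DISKTREE
|     Path: C:\backups
|     Anonymous access: READ
|     Current user access: READ
|   \\192.0.2.10\finance:
|     Type: STYPE_DISKTREE
|     Anonymous access: <none>
|_    Current user access: <none>
EOF
}

sample_output | anon_shares
```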

SMBClient

Login using creds:

smbclient //<ip>/<share> -U <username>

Don't have creds?

smbclient //<ip>/<share> -N

Command not working?

smbclient //10.11.1.111/ --option='client min protocol=NT1'

Stupid Win

smbclient.py -no-pass Administrator@10.10.10.10 -port 445

SMBClient commands

Command | Description
get <filename> | Gets a file from the server
put <local file name> <remote file name> | Uploads a file to the server


Last updated 2 years ago