SMB Enumeration
Enum4Linux
Scan a bunch of stuff:
enum4linux -A <ip>
Authenticated scan:
enum4linux -u <username> -p <password> -U <ip>
Verbose mode:
enum4linux -v <ip>
NMAP
Shares and users:
nmap -p445 --script=smb-enum-shares.nse,smb-enum-users.nse <ip>
Run all smb scripts:
nmap --script=smb-enum-* <ip>
SMB Vuln Scan
nmap --script smb-vuln* <ip>
SMBClient
Login using creds:
smbclient //<ip>/<share> -U <username>
Don't have creds?
smbclient //<ip>/<share> -N
Command Not working?
smbclient //10.11.1.111/ --option='client min protocol=NT1'
Stupid Win
smbclient.py -no-pass Administrator@10.10.10.10 -port 445
SMBClient commands
Command | Description
get <filename> | Gets a file from the server
put <local file name> <remote file name> | Uploads file to server