SMB Enumeration

Enum4Linux

Scan a bunch of stuff:

enum4linux -A <ip>

Authenticated scan:

enum4linux -u <username> -p <password> -U <ip>

Verbose mode:

enum4linux -v <ip>

Shares and users:

nmap -p445 --script=smb-enum-shares.nse,smb-enum-users.nse <ip>

Run all smb scripts:

nmap --script=smb-enum-* <ip>

SMB Vuln Scan

nmap --script smb-vuln* <ip>

Login using creds:

smbclient //<ip>/<share> -u <username>

Don't have creds?

smbclient //<ip>/<share> -N

Command Not working?

smbclient //10.11.1.111/ --option='client min protocol=NT1'

Stupid Win

smbclient.py -no-pass Administrator@10..10.10.10 -port 445

Command

Description

get <filename>

Gets a file from the server

put <local file name> <remote file name>

uploads file to server

Last updated 3 years ago