SMB Enumeration

Enum4Linux

Scan a bunch of stuff:

enum4linux -A <ip>

Authenticated scan:

enum4linux -u <username> -p <password> -U <ip>

Verbose mode:

enum4linux -v <ip>

NMAP

Shares and users:

nmap -p445 --script=smb-enum-shares.nse,smb-enum-users.nse <ip>

Run all smb scripts:

nmap --script=smb-enum-* <ip>

SMB Vuln Scan

nmap --script smb-vuln* <ip>

SMBClient

Login using creds:

smbclient //<ip>/<share> -u <username>

Don't have creds?

smbclient //<ip>/<share> -N

Command Not working?

smbclient //10.11.1.111/ --option='client min protocol=NT1'

Stupid Win

smbclient.py -no-pass Administrator@10..10.10.10 -port 445

SMBClient commands

Command	Description
get <filename>	Gets a file from the server
put <local file name> <remote file name>	uploads file to server