SMB Enumerate
NMAP
ls /usr/share/nmap/scripts/ | grep -i smb
Enum4linux:
enum4linux -a 172.21.0.0
SMBmap:
smbmap -H 172.21.0.0 -d [domain] -u [user] -p [password]
smbmap -H 172.21.0.0 -d [domain] -u "" -p ""
SMBClient:
smbclient -L 172.21.0.0
smbclient //172.21.0.0/tmp
# Error: protocol negotiation failed: NT_STATUS_CONNECTION_DISCONNECTED
Ran into this last night. Go to your /etc/samba/smb.conf file and add the following under the global section:
client min protocol = NT1
or
smbclient -L <windows server name> -U <user name> -m SMB2
smbclient -L <windows server name> -U <user name> -m SMB3
Nmap:
nmap --script smb-enum-* -p 139,445 172.21.0.0
nmap --script smb-* -p 139,445 172.21.0.0
/usr/share/nmap/scripts/smb-brute.nse
/usr/share/nmap/scripts/smb-enum-domains.nse
/usr/share/nmap/scripts/smb-enum-groups.nse
/usr/share/nmap/scripts/smb-enum-processes.nse
/usr/share/nmap/scripts/smb-enum-services.nse
/usr/share/nmap/scripts/smb-enum-sessions.nse
/usr/share/nmap/scripts/smb-enum-shares.nse
/usr/share/nmap/scripts/smb-enum-users.nse
/usr/share/nmap/scripts/smb-flood.nse
/usr/share/nmap/scripts/smb-ls.nse
/usr/share/nmap/scripts/smb-mbenum.nse
/usr/share/nmap/scripts/smb-os-discovery.nse
/usr/share/nmap/scripts/smb-print-text.nse
/usr/share/nmap/scripts/smb-protocols.nse
/usr/share/nmap/scripts/smb-psexec.nse
/usr/share/nmap/scripts/smb-security-mode.nse
/usr/share/nmap/scripts/smb-server-stats.nse
/usr/share/nmap/scripts/smb-system-info.nse
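A defender-side triage of the same data the smb-protocols and smb-security-mode scripts return: an added Python example (not from the original page) that parses nmap -oX output and flags hosts that still negotiate SMBv1/NT1 (the dialect the smb.conf workaround above re-enables on the client), accept guest or null sessions, or do not require message signing. The XML sample is constructed, and the table/elem layout assumed for the two scripts' structured output should be checked against a real -oX run.

```python
import xml.etree.ElementTree as ET

# Constructed sample of nmap -oX output for two hosts (not a real scan).
SAMPLE_XML = """<nmaprun>
<host><address addr="172.21.0.10" addrtype="ipv4"/><hostscript>
<script id="smb-protocols" output="..."><table key="dialects">
<elem>NT LM 0.12 (SMBv1) [dangerous, but default]</elem><elem>2.0.2</elem><elem>2.1</elem>
</table></script>
<script id="smb-security-mode" output="..."><elem key="account_used">guest</elem>
<elem key="message_signing">disabled (dangerous, but default)</elem></script>
</hostscript></host>
<host><address addr="172.21.0.11" addrtype="ipv4"/><hostscript>
<script id="smb-protocols" output="..."><table key="dialects">
<elem>3.0</elem><elem>3.1.1</elem></table></script>
<script id="smb-security-mode" output="..."><elem key="account_used">svc_scan</elem>
<elem key="message_signing">required</elem></script>
</hostscript></host>
</nmaprun>"""


def smb_findings(xml_text):
    """Return {ip: [finding, ...]} for hosts that still offer SMBv1,
    accept an unauthenticated session, or do not require signing."""
    findings = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        issues = []
        for script in host.iter("script"):
            if script.get("id") == "smb-protocols":
                # Assumed layout: <table key="dialects"> with one <elem> per dialect.
                dialects = [e.text or "" for e in script.findall("table[@key='dialects']/elem")]
                if any("NT LM 0.12" in d for d in dialects):
                    issues.append("SMBv1 (NT LM 0.12) still negotiable")
            elif script.get("id") == "smb-security-mode":
                # Assumed layout: flat <elem key="..."> entries.
                mode = {e.get("key"): (e.text or "") for e in script.findall("elem")}
                if mode.get("account_used") in ("guest", "<blank>"):
                    issues.append("unauthenticated session accepted (%s)" % mode["account_used"])
                if not mode.get("message_signing", "").startswith("required"):
                    issues.append("SMB signing not required")
        if issues:
            findings[addr.get("addr")] = issues
    return findings


if __name__ == "__main__":
    for ip, issues in smb_findings(SAMPLE_XML).items():
        print(ip, "->", "; ".join(issues))
```

Run it against a real file with `smb_findings(open("scan.xml").read())` after `nmap -oX scan.xml --script smb-protocols,smb-security-mode -p 139,445 <range>`.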
Impacket
It is also possible to use Impacket in the same way as smbclient to check for anonymous login (and much more, such as browsing the shares) when smbclient fails because of incompatible protocol versions.
/usr/share/doc/python3-impacket/examples/smbclient.py ""@192.168.24.24
BruteForce
patator smb_login host=192.168.129.71 user=FILE0 password=FILE1 0=user 1=~/Desktop/rockyou.txt -x ignore:fgrep=STATUS_LOGON_FAILURE
Impacket SmbClient:
/usr/share/doc/python3-impacket/examples/smbclient.py username@172.21.0.0
RPCclient:
rpcclient -U "" -N 172.21.0.0 -c "enumdomusers"
Impacket:
python3 /usr/share/doc/python3-impacket/examples/samrdump.py [domain]/[user]:[password]@172.21.0.0
CrackMapExec:
crackmapexec smb -L
crackmapexec smb 172.21.0.0 -u Administrator -H [hash] --local-auth
crackmapexec smb 172.21.0.0 -u Administrator -H [hash] --shares
crackmapexec smb 172.21.0.0/24 -u user -p 'Password' --local-auth -M mimikatz
smb-mbenum
The smb-mbenum script uses udp 139.
List Nmap SMB Scripts
ls /usr/share/nmap/scripts/ | grep smb
smb2-capabilities.nse
smb2-security-mode.nse
smb2-time.nse
smb2-vuln-uptime.nse
smb-double-pulsar-backdoor.nse
smb-enum-domains.nse
smb-enum-groups.nse
smb-enum-processes.nse
smb-enum-services.nse
smb-enum-sessions.nse
smb-enum-shares.nse
smb-enum-users.nse
smb-flood.nse
smb-ls.nse
smb-mbenum.nse
smb-os-discovery.nse
smb-print-text.nse
smb-protocols.nse
smb-psexec.nse
smb-security-mode.nse
smb-server-stats.nse
smb-system-info.nse
smb-vuln-conficker.nse
smb-vuln-cve2009-3103.nse
smb-vuln-cve-2017-7494.nse
smb-vuln-ms06-025.nse
smb-vuln-ms07-029.nse
smb-vuln-ms08-067.nse
smb-vuln-ms10-054.nse
smb-vuln-ms10-061.nse
smb-vuln-ms17-010.nse
smb-vuln-regsvc-dos.nse