Samba (SMB)
smb -> server message block
net use * /delete -> disconnects all mapped SMB network drives and connections on the local machine (it does not delete remote files)
net use z: \\<IP>\dir$ <password> /user:<username> -> maps the remote share dir$ to the local drive Z:
nmap scans
To scan udp ports
nmap -sU $IP
# for the sake of speed, you can also scan top ports
# e.g. (scanning top 100)
# -> nmap -sU --top-ports 100 $IP
session enumeration
nmap $IP -p445 --script smb-enum-sessions \
--script-args smbusername=$username,smbpassword=$password
share enumeration
nmap $IP -p445 --script smb-enum-shares \
--script-args smbusername=$username,smbpassword=$password
enumerate users -> to find how many users exist
nmap $IP -p445 --script smb-enum-users \
--script-args smbusername=$username,smbpassword=$password
enumerate server statistics -> prints out how many users are logged in, the failed attempt count, etc.
enumerate domains (scan) -> find out how many domains there are
enumerate groups -> shows which groups each user belongs to
enumerate services -> to see what services are running
SMB protocols or dialects
What is a dialect?
The SMB protocol has gone through various versions, and each version is referred to as a "dialect."
SMB security level information
To find the exact OS & SMB version in use
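The dialect and security-mode results above are the two things a defender should actually check in an nmap SMB scan: whether the SMBv1 dialect (NT LM 0.12) is still offered, and whether message signing is required. The script below is an added example, not part of this cheatsheet; it parses a constructed sample of nmap's text output for the smb-protocols and smb-security-mode NSE scripts and reports each host with a weak setting. It assumes nmap's default text layout for those two scripts and that the "Nmap scan report for" line ends in the bare IP.

```shell
#!/bin/sh
# Added example (not from the cheatsheet): audit nmap smb-protocols /
# smb-security-mode output and flag hosts that still offer SMBv1 or
# do not require message signing.

# Constructed sample of nmap text output for two hosts (not a real scan).
SAMPLE_SCAN='Nmap scan report for 10.0.0.5
Host script results:
| smb-protocols:
|   dialects:
|     NT LM 0.12 (SMBv1) [dangerous, but default]
|     2.0.2
|     2.1
|     3.0
|_    3.1.1
| smb-security-mode:
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)

Nmap scan report for 10.0.0.6
Host script results:
| smb-protocols:
|   dialects:
|     3.0
|_    3.1.1
| smb-security-mode:
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: required
'

# smb_findings: reads nmap text output on stdin, prints "<host> <FINDING>"
# for every weak setting found. The host is taken from the last field of the
# "Nmap scan report for ..." line (assumes a bare IP there).
smb_findings() {
    awk '
        /^Nmap scan report for /          { host = $NF }
        /NT LM 0\.12/                      { print host " SMBV1_ENABLED" }
        /message_signing:/ && !/required/  { print host " SIGNING_NOT_REQUIRED" }
    '
}

# weak_host_count: number of distinct hosts with at least one finding.
weak_host_count() {
    smb_findings | awk '{ print $1 }' | sort -u | wc -l | tr -d ' '
}

# Stand-alone demo on the constructed sample; in practice pipe in
# the saved output of:  nmap -p445 --script smb-protocols,smb-security-mode <hosts>
printf '%s' "$SAMPLE_SCAN" | smb_findings
```

Anything other than "message_signing: required" (nmap prints "disabled" or "supported" there) means a client can be downgraded to an unsigned session, so the check treats every non-required value as a finding rather than looking for a single keyword.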
smbmap
to list shares and see what permissions we have
To run commands on the target machine (-x flag)
To list shares
to see contents of the shares
to upload to the smb share
to download from the smb share
Login
msfconsole
msfconsole module to scan the Samba version
to enum shares
To bruteforce password
to scan pipes
nmblookup - a tool for SMB/NetBIOS recon
To scan an IP
smbclient
To list by host
To try connecting to a Samba share without a password
rpcclient
To connect to the SMB share (username and password are NULL here)
To get the username after login
to get server info
to get usernames
to get groups
to get SID of a user
enum4linux
to scan os
to scan shares
to list connected printers
RID cycling using enum4linux
hydra
to bruteforce password
________________done with smb cheatsheet.