SMB (445)

Anonymous Login

smbclient -L \\\\$IP -N

Bulk enumeration

crackmapexec smb 172.16.20.3-254 -u '' -p '' --shares

If you able to login to the machine, to retrieve all share folder in the specific hostname:

net view <hostname> /all

Enumerate / list the shares

smbclient -L //$IP/

smbmap -H $IP

crackmapexec smb $IP -u '' -p '' --shares -M spider_plus

Accessing the shares

smbclient //$IP/shares
# input blank password for anonymous login

smbclient //$IP/shares -U <username>%<password>

smbmap -u <username> -p <password -H $IP

there are some dir shares?

crackmapexec smb <ip> -u <username> -p <password> --shares

crackmapexec smb <ip> -u <username> -p <password> --shares -M spider_plus
# check spider_plus output in the [Tools]> [json]

smbmap -u <username> -p <password> -H $IP -r --exclude SYSVOL
smbmap -u <username> -p <password> -H $IP -R

smbmap -R <share> -H $IP

# wanna download a file?
smbmap -R <share> -H $IP -A <just filename> -q
locate <just filename>

smbclient -U <username> //$IP/shares
smbmap -u <username> -p <password> -H $IP --download <shares>/<folder>/<file>

PreviousWordpress NextLDAP

Last updated 2 months ago