smb_enum


SMB ENUM Commands

Net Range

  • python ./sharesniffer.py --hosts 10.6.32.1/24 -s -a -v

  • nmap -sS -Pn -vv --open 10.6.32.1/24 -p 139 -oA frsund_nmap_p139_DClan

  • nbtscan 10.6.32.1/24 -v | tee frsund_nbtscan_dclan

IP List

  • smbmap --host-file /home/e/sharesniffer/frsund_smb_ip_lst

  • nbtscan -f frsund_smb_ip.lst -v

  • nmap --script "smb-*" --script-args=unsafe=1 -iL frsund_smb_ip.lst -oA smb_nmap_scripts -vv

  • nmap -iL frsund_smb_ip_lst --script "smb-vuln-*" --script-args=unsafe=1 -p 445 -oA smb_nmap_scripts -vv

Specific IP

  • enum4linux -a -l -v -i -m 10.38.32.177

  • smbclient -L //10.38.32.177

  • nmblookup -A 10.38.32.177 -M -R -S

  • smbclient -L //F-NAVI01 -I 10.38.32.177 -N

  • smbclient //FROLIC/share -I 10.38.32.177 -N

SMB metasploit enum

  • setg rhosts 10.10.10.10, 10.10.10.11

  • setg threads 16

  • use auxiliary/scanner/smb/smb_lookupsid

  • use auxiliary/scanner/smb/pipe_auditor

  • use auxiliary/scanner/smb/pipe_dcerpc_auditor

  • use auxiliary/scanner/smb/smb2

  • use auxiliary/scanner/smb/smb_enumshares

  • use auxiliary/scanner/smb/smb_lookupsid

  • use auxiliary/scanner/smb/smb_version

SMB ENUM Commands

Net Range

  • python ./sharesniffer.py --hosts 10.6.32.1/24 -s -a -v

  • nmap -sS -Pn -vv --open 10.6.32.1/24 -p 139 -oA nmap_p139_DClan

  • nbtscan 10.6.32.1/24 -v | tee nbtscan_dclan.txt

IP List

  • smbmap --host-file smb_ip_lst

  • nbtscan -f smb_ip.lst -v

  • nmap --script "smb-*" --script-args=unsafe=1 -iL smb_ip.lst -oA smb_nmap_scripts -vv

  • nmap -iL smb_ip_lst --script "smb-vuln-*" --script-args=unsafe=1 -p 445 -oA smb_nmap_scripts -vv

Specific IP

  • enum4linux -a -l -v -i -m 10.38.32.177

  • smbclient -L //10.38.32.177

  • nmblookup -A 10.38.32.177 -M -R -S

  • smbclient -L //WHATEVER -I 10.38.32.177 -N

  • smbclient //XXX/share -I 10.38.32.177 -N

SMB metasploit enum

Add to smb_enum.rc and run with resource smb_enum.rc

  • setg rhosts 10.10.10.10, 10.10.10.11

  • setg threads 16

  • use auxiliary/scanner/smb/smb_lookupsid

  • run

  • use auxiliary/scanner/smb/pipe_auditor

  • run

  • use auxiliary/scanner/smb/pipe_dcerpc_auditor

  • run

  • use auxiliary/scanner/smb/smb2

  • run

  • use auxiliary/scanner/smb/smb_enumshares

  • run

  • use auxiliary/scanner/smb/smb_lookupsid

  • run

  • use auxiliary/scanner/smb/smb_version

  • run
