SMB Enumeration

Table of contents

1. Vulnerability
2. Prerequisites
3. Exploit
4. Useful links
5. Recommendations

---

Vulnerability

TODO: Describe the vulnerability here.

Prerequisites

• Network route to the network you want to scan.

Exploit

# Using nmap ...
nmap -v -p 139,445 $target

# ... and its NSE scripts (ex: to guess OS thanks to SMB port).
ls -1 /usr/share/nmap/scripts/smb*
nmap -v -p 139,445 --script smb-os-discovery $target

# Using nbtscan.
sudo nbtscan -r $target

# Using net: list all shares running on target.
net view \\$target /all

# Using cme as null session, anonymous and guest.
crackmapexec smb $target -u '' -p '' --shares
crackmapexec smb $target -u 'a' -p '' --shares
crackmapexec smb $target -u 'guest' -p '' --shares

# Using smbmap as anonymous and guest.
smbmap -u '' -p '' -P 445 -H $target
smbmap -u 'guest' -p '' -P 445 -H $target

# Using smbclient as anonymous and guest.
smbclient -U'%' -L //$target
smbclient -U'guest%' -L //$target

# On a Windows computer, list currently used pipes.
ls \\.\pipe\

Useful links

• TODO: List links here.

Recommendations

• TODO: List recommendations here.