SMB service is found in windows by default, and can be configured in linux aswell. Improper implementation provides the access to some contents, commonly used tools are SMBClient, cme and Enum4linux


  • Listing the shares

smbclient -U '' -N \\\\\\
cme smb -u 'username' -p 'password' --shares
  • Accessing the share

smbclient -U 'user' \\\\\\sharename


cme smb $ip -u users.txt -p pass.txt --continue-on-success

# hashes bruteforce
cme smb $ip -u users.txt -H "NTLMHASH" --continue-on-success

# enumerate users if the IPC share is readable
cme smb $ip -u user -p password --rid-brute

File Operations

# download a file
get filename
# y/n prompt disable
prompt off
# recurse download
recurse on
prompt OFF
mget *

Last updated