SMB

The SMB service is present by default on Windows and can also be configured on Linux. An improperly configured service exposes some of its contents. Commonly used tools are smbclient, cme (CrackMapExec) and enum4linux.

Enumeration

  • Listing the shares
smbclient -U '' -N -L \\\\10.10.10.10\\
cme smb 10.10.10.10 -u 'username' -p 'password' --shares
  • Accessing the share
smbclient -U 'user' \\\\10.10.10.10\\sharename
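
The anonymous listing above only returns data when the server allows guest or null sessions. As an added example (not part of the original page), this Python sketch audits a Samba smb.conf for shares that allow guest access and reports whether they are writable; the sample configuration is constructed, and `audit_guest_shares` is a hypothetical helper name.

```python
import configparser

# Constructed sample smb.conf for illustration (not from the original page).
SAMPLE_CONF = """
[global]
map to guest = Bad User

[public]
path = /srv/public
guest ok = yes
read only = no

[backups]
path = /srv/backups
public = yes

[finance]
path = /srv/finance
valid users = @finance
writable = yes
"""

TRUE = {"yes", "true", "1", "on"}
GUEST_KEYS = ("guest ok", "public")                 # synonyms in smb.conf
WRITE_KEYS = ("writable", "writeable", "write ok")  # inverse of "read only"

def is_true(opts, key, default):
    return opts.get(key, default).strip().lower() in TRUE

def audit_guest_shares(conf_text):
    """Return (map_to_guest, {share: 'writable' | 'read-only'}) for guest shares."""
    # Strip indentation so configparser does not treat options as continuations.
    text = "\n".join(line.strip() for line in conf_text.splitlines())
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    map_to_guest = cp.get("global", "map to guest", fallback="Never")
    findings = {}
    for share in cp.sections():
        opts = cp[share]
        if share.lower() == "global" or not any(is_true(opts, k, "no") for k in GUEST_KEYS):
            continue
        # Samba defaults to read only = yes unless a write option overrides it.
        writable = any(is_true(opts, k, "no") for k in WRITE_KEYS) or not is_true(opts, "read only", "yes")
        findings[share] = "writable" if writable else "read-only"
    return map_to_guest, findings

if __name__ == "__main__":
    mode, shares = audit_guest_shares(SAMPLE_CONF)
    print(f"map to guest = {mode}")
    for name, access in shares.items():
        print(f"guest-accessible share [{name}]: {access}")
```

The parser assumes options are spelled with their usual spacing and does not handle backslash line continuations or `include` directives.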

Bruteforce

cme smb $ip -u users.txt -p pass.txt --continue-on-success
# bruteforce with NTLM hashes instead of passwords
cme smb $ip -u users.txt -H "NTLMHASH" --continue-on-success
# enumerate users if the IPC share is readable
cme smb $ip -u user -p password --rid-brute

File Operations

# commands below are typed at the interactive smbclient prompt
# download a file
get filename
# disable the y/n confirmation prompt
prompt off
# recursive download
recurse on
prompt OFF
mget *