OSCP 2022 Materials

SMB

The SMB service is present on Windows by default and can be configured on Linux as well. A misconfigured service exposes some of its contents. Commonly used tools are smbclient, cme (CrackMapExec) and enum4linux.
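On a Linux Samba server, whether a session without credentials gets into a share is decided by smb.conf parameters such as `guest ok` (synonym `public`) and `map to guest`. The following is an added example, not part of the original notes, that audits a configuration for those settings; the sample smb.conf is constructed, the function names are hypothetical, and line continuations and `include` directives are not handled.

```python
# Constructed sample smb.conf (not from the original page).
SAMPLE_SMB_CONF = """\
[global]
   map to guest = Bad User
[public]
   Guest OK = yes
   read only = no
[backups]
   public = yes
[finance]
   valid users = @finance
"""

TRUE = {"yes", "true", "on", "1"}
# Samba synonyms folded onto one canonical parameter name.
SYNONYMS = {"public": "guestok", "writable": "writeable", "writeok": "writeable"}

def parse_smb_conf(text):
    """Return {section: {param: value}}; Samba ignores case and spaces in names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = "".join(key.split()).lower()
            if key == "readonly":  # inverted synonym of "writeable"
                key, value = "writeable", "no" if value.lower() in TRUE else "yes"
            current[SYNONYMS.get(key, key)] = value
    return sections

def audit_guest_access(text):
    """Return (section, finding) tuples for settings that admit guest sessions."""
    conf = parse_smb_conf(text)
    glob = conf.pop("global", {})
    findings = []
    if glob.get("maptoguest", "never").lower() != "never":
        findings.append(("global", f"map to guest = {glob['maptoguest']}"))
    for name, params in conf.items():
        merged = {**glob, **params}  # share parameters in [global] act as defaults
        if merged.get("guestok", "no").lower() in TRUE:
            rw = merged.get("writeable", "no").lower() in TRUE
            findings.append((name, "guest read/write" if rw else "guest read-only"))
    return findings

if __name__ == "__main__":
    print(audit_guest_access(SAMPLE_SMB_CONF))
```

Shares that need no guest access should set `guest ok = no`, and `map to guest = Never` in `[global]` stops failed logins from falling back to the guest account.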

Enumeration

  • Listing the shares

smbclient -U '' -N -L \\\\10.10.10.10
cme smb 10.10.10.10 -u 'username' -p 'password' --shares

  • Accessing the share

smbclient -U 'user' \\\\10.10.10.10\\sharename

Bruteforce

cme smb $ip -u users.txt -p pass.txt --continue-on-success

# hashes bruteforce
cme smb $ip -u users.txt -H "NTLMHASH" --continue-on-success

# enumerate users if the IPC share is readable
cme smb $ip -u user -p password --rid-brute

File Operations

# run these inside the interactive smbclient session
# download a file
get filename
# disable the y/n prompt
prompt off
# recursive download
recurse on
prompt OFF
mget *