SMB enumeration

https://book.hacktricks.xyz/network-services-pentesting/pentesting-smb

  • crackmapexec

  • enum4linux -a 10.10.10.10

Use null sessions:

  • smbclient --no-pass -L //<ip address> # Null user

  • crackmapexec smb <ip address> -u '' -p '' --shares # Null user

List shares:

  • smbclient --no-pass //<ip address>/<folder>

Connect with credentials:

  • smbmap -u "username" -p "password" -H <ip address> [-P <port>] # Creds

  • crackmapexec smb <ip address> -u 'username' -p 'password' --shares # Creds

Pass the hash:

  • smbclient -U 'username[%passwd]' -L [--pw-nt-hash] //<ip address> # If you omit the password, you will be prompted for it. With --pw-nt-hash, the password provided is the NT hash

  • smbmap -u "username" -p "<LM hash>:<NT hash>" -H <ip address> [-P <port>] # Pass-the-Hash

  • crackmapexec smb <ip address> -u 'username' -H '<hash>' --shares # Pass-the-Hash
