💾
kurare
  • 🤸Welcome!
  • 🔤Alphabet Soup
  • Training
    • CTFs & Labs
  • Directory Traver
  • Reporting
  • Toolbox
  • Rando Links
  • GRC (The box-checkers)
  • Common Software Repository
  • Social Networking
  • Penetration Testing Frameworks
  • Playbooks
    • Playbook: Figuring out software versions
    • Playbook: web applications
    • Playbook: Finding exploits
    • Playbook: Cloud Environments
  • Testing out credentials
  • Active Directory
  • Checklists
    • Pretest phase
    • Host Discovery
    • Website (external)
    • Black-box External Test
    • Host Enumeration
    • SMB enumeration
    • Page
  • Reporting
  • Services
    • VOIP / SIP
Powered by GitBook
On this page
  1. Checklists

SMB enumeration

PreviousHost EnumerationNextPage

Last updated 1 year ago

  • crackmapexec

  • enum4linux -a 10.10.10.10

Use null sessions:

  • smbclient --no-pass -L // # Null user

  • crackmapexec smb -u '' -p '' --shares #Null user

List shares:

  • smbclient --no-pass //<ip address>/<folder>

Connect with credentials:

  • smbmap -u "username" -p "password" -H [-P ] #Creds

  • crackmapexec smb -u 'username' -p 'password' --shares #Guest user

Pass the hash:

  • smbclient -U 'username[%passwd]' -L [--pw-nt-hash] // #If you omit the pwd, it will be prompted. With --pw-nt-hash, the pwd provided is the NT hash

  • smbmap -u "username" -p ":" -H [-P ] #Pass-the-Hash

  • crackmapexec smb -u 'username' -H '' --shares #Guest user

https://book.hacktricks.xyz/network-services-pentesting/pentesting-smb