Samba (139/445)
Nmap Script
# Enumerate users
nmap --script=smb-enum-users 10.10.10.10
# Check for vulnerabilities with NSE scripts that are in both the "vuln" and "safe" categories
nmap -p445 --script "vuln and safe" 10.10.10.10
# Check for known SMB vulnerabilities with all smb-vuln-* scripts (quoted so the shell does not expand the glob)
nmap --script "smb-vuln*" -p445 10.10.10.10
# List the protocols and dialects supported by the SMB server
nmap -p445 --script smb-protocols 10.10.10.10
# Report the SMB security level (signing, guest access, etc.)
nmap -p445 --script smb-security-mode 10.10.10.10
# Enumerate all available shares
nmap -p445 --script smb-enum-shares 10.10.10.10
# Enumerate all shared folders and drives, then list their contents with smb-ls
nmap -p445 --script smb-enum-shares,smb-ls --script-args smbusername=administrator,smbpassword=smbserver_771 10.10.10.10
SmbMap
# List shares and permissions, recursing into each share (-R)
smbmap -H 10.10.10.10 -R
# Connect with an empty (null-session) username and password
smbmap -H 10.10.10.10 -u '' -p ''
# Execute a command through SMB
smbmap -H 10.10.10.10 -u administrator -p smbserver_771 -x 'ipconfig'
CrackMapExec
# List shares with a null session
crackmapexec smb --shares 10.10.10.10 -u '' -p ''
SmbClient
# List shares with no authentication (-N suppresses the password prompt)
smbclient -L //10.10.10.10 -N
# List all available shares
smbclient -L 10.10.10.10
# Connect to a share
smbclient //10.10.10.10/users
smbclient -N //10.10.10.10/tmp
# Connect with credentials
smbclient -U admin //10.10.10.10/general
# Connect without credentials
smbclient -U '' -L //10.10.10.10
# Pass user and password in one argument (user%password)
$ smbclient -L $ip -U 'user%password123'
Custom Ports
# Use -p when SMB is served on a non-standard port
$ smbclient -L 10.10.10.10 -p36445
Enter WORKGROUP\pwned's password:
Anonymous login successful

	Sharename       Type      Comment
	---------       ----      -------
	Commander       Disk      Commander Files
	IPC$            IPC       IPC Service (Samba 4.12.6)
Reconnecting with SMB1 for workgroup listing.
do_connect: Connection to 10.10.10.10 failed (Error NT_STATUS_IO_TIMEOUT)
Unable to connect with SMB1 -- no workgroup available
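Added example, not part of the original notes: a small Python parser that turns the `smbclient -L` output above into a structured share inventory, so an anonymous-accessible Disk share (here `Commander`) is flagged instead of read by eye. The sample output is this page's own listing, embedded as a constructed string so the script runs offline.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the smbclient -L listing shown above, embedded so the
# parser runs offline (smbclient prints the share table tab-indented).
SAMPLE_OUTPUT = """\
Anonymous login successful

\tSharename       Type      Comment
\t---------       ----      -------
\tCommander       Disk      Commander Files
\tIPC$            IPC       IPC Service (Samba 4.12.6)
Reconnecting with SMB1 for workgroup listing.
do_connect: Connection to 10.10.10.10 failed (Error NT_STATUS_IO_TIMEOUT)
Unable to connect with SMB1 -- no workgroup available
"""

# Share names may contain single spaces; columns are separated by 2+ spaces.
SHARE_RE = re.compile(r"^(?P<name>.+?)\s{2,}(?P<type>Disk|IPC|Printer)\s*(?P<comment>.*)$")
STATUS_RE = re.compile(r"NT_STATUS_[A-Z_]+")

@dataclass
class ListResult:
    anonymous: bool = False
    shares: list = field(default_factory=list)   # (name, type, comment) tuples
    errors: list = field(default_factory=list)   # NT_STATUS codes seen in the output

def parse_smbclient_list(output: str) -> ListResult:
    """Parse `smbclient -L` text: login result, share table and NT_STATUS errors."""
    res = ListResult(anonymous="Anonymous login successful" in output)
    in_table = False
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith("Sharename"):      # column header opens the table
            in_table = True
            continue
        if in_table:
            if line.startswith("---"):        # dashed underline row
                continue
            m = SHARE_RE.match(line)
            if m:
                res.shares.append((m["name"], m["type"], m["comment"].strip()))
                continue
            in_table = False                  # first non-share line closes the table
        res.errors.extend(STATUS_RE.findall(line))
    return res

def anonymous_disk_shares(output: str) -> list:
    """Disk shares (IPC$ and printers excluded) exposed to an anonymous login."""
    res = parse_smbclient_list(output)
    if not res.anonymous:
        return []
    return [name for name, typ, _ in res.shares if typ == "Disk"]
```

Feed it the captured output of `smbclient -L <host> -N` (or `-p <port>` for a custom port) to get the same inventory for any host.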
Enum4linux
# Run all the simple enumeration checks
enum4linux 10.10.10.10
# Get a list of users
$ enum4linux -U 10.10.10.10
Download File
# Inside an smbclient session: download a share recursively without per-file prompts
recurse on
prompt off
mget *
Map Drive
# Windows GUI: open "Map Network Drive"
Go to This PC -> Network -> Right Click on Network -> Map Network Drive
# Via cmd (the password goes before /user:)
net use Z: \\10.10.10.10\C$ password123 /user:administrator
net use Y: \\$ip\C$
net use Y: \\$ip\C$ /user:administrator Password
# Then switch to the mapped drive
Y:
# Linux: list NFS exports (showmount speaks NFS, not SMB)
showmount -e $ip
# Linux: mount a CIFS/SMB share with and without credentials
mount -t cifs -o "username=user,password=password" //$ip/share /mnt/share
mount -t cifs //$ip/share /mnt/share