# SaMBa (139/445)

## Nmap Script

```basic
# Enumerate users
nmap --script=smb-enum-users 10.10.10.10

# Check for vulnerabilities with NSE scripts that are in both the "vuln" and "safe" categories
nmap -p445 --script "vuln and safe" 10.10.10.10

# Run the smb-vuln-* vulnerability checks
nmap --script=smb-vuln\* -p445 10.10.10.10

# List the protocols and dialects the SMB server supports
nmap -p445 --script smb-protocols 10.10.10.10

# Report the SMB security level (smb-security-mode)
nmap -p445 --script smb-security-mode 10.10.10.10

# Enumerate all available shares
nmap -p445 --script smb-enum-shares 10.10.10.10

# Enumerate all shared folders and drives, then list their contents with smb-ls
nmap -p445 --script smb-enum-shares,smb-ls --script-args smbusername=administrator,smbpassword=smbserver_771 10.10.10.10
```

## SmbMap

```basic
# List shares and their permissions, recursing into each share (-R)
smbmap -H 10.10.10.10 -R

# Connect with an explicit username and password (pass -u "" -p "" for an empty username)
smbmap -H 10.10.10.10 -u "test" -p "user"

# Execute a command through SMB
smbmap -H 10.10.10.10 -u administrator -p smbserver_771 -x 'ipconfig'
```

## CrackMapExec

```basic
# List shares with an empty username and password
crackmapexec smb 10.10.10.10 -u '' -p '' --shares
```

## SmbClient

```basic
# List shares with no authentication
smbclient -L //10.10.10.10 -N

# List all available shares (prompts for a password)
smbclient -L 10.10.10.10

# Connect to a share
smbclient //10.10.10.10/users

# Connect to a share without a password
smbclient -N //10.10.10.10/tmp

# Connect with credentials
smbclient -U admin //10.10.10.10/general

# List shares with an empty username
smbclient -U '' -L //10.10.10.10

# List shares, passing the username and password as user%password
smbclient -L $ip -U 'user%password123'

# Custom port (-p): sample session
└─$ smbclient -L 10.10.10.10 -p36445
Enter WORKGROUP\pwned's password: 
Anonymous login successful

        Sharename       Type      Comment
        ---------       ----      -------
        Commander       Disk      Commander Files
        IPC$            IPC       IPC Service (Samba 4.12.6)
Reconnecting with SMB1 for workgroup listing.
do_connect: Connection to 10.10.10.10 failed (Error NT_STATUS_IO_TIMEOUT)
Unable to connect with SMB1 -- no workgroup available
```
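
For reviewing results like the custom-port session above, the following added example (not part of the original page) parses saved `smbclient -L` output and reports whether an anonymous session was accepted and which Disk shares it exposed. The function names and the embedded sample text are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): triage saved `smbclient -L`
# output. The sample is constructed from the session shown above.
sample_listing() {
cat <<'EOF'
Anonymous login successful

        Sharename       Type      Comment
        ---------       ----      -------
        Commander       Disk      Commander Files
        IPC$            IPC       IPC Service (Samba 4.12.6)
Reconnecting with SMB1 for workgroup listing.
Unable to connect with SMB1 -- no workgroup available
EOF
}

# stdin: listing. Prints "yes" if the server accepted an anonymous session.
anonymous_allowed() {
  if grep -q '^Anonymous login successful'; then echo yes; else echo no; fi
}

# stdin: listing. Prints the name of every Disk share, one per line.
disk_shares() {
  awk '
    /^[ \t]+-+[ \t]+-+/   { in_table = 1; next }  # dashed row under the header
    in_table && !/^[ \t]/ { in_table = 0 }        # unindented or empty line ends it
    in_table {
      name = $1                                   # share names may contain spaces
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^(Disk|IPC|Printer)$/) { if ($i == "Disk") print name; break }
        name = name " " $i
      }
    }'
}

# stdin: listing. Prints one summary line suitable for an audit report.
audit_listing() {
  listing=$(cat)
  if [ "$(printf '%s\n' "$listing" | anonymous_allowed)" = yes ]; then
    shares=$(printf '%s\n' "$listing" | disk_shares | paste -sd, -)
    echo "FINDING anonymous-session disk_shares=${shares:-none}"
  else
    echo "OK anonymous-session-refused"
  fi
}

sample_listing | audit_listing
```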

## Enum4linux

```basic
# Do all simple enumeration
enum4linux 10.10.10.10

# Get a list of users
enum4linux -U 10.10.10.10
```

## Download File

```basic
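# At the smbclient prompt (smb: \>): recurse into subdirectories,
# turn off per-file confirmation, then download everything
recurse on
prompt off
mget *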
```

## Map Drive

```basic
# Open "Map Network Drive" in Explorer:
# This PC → Network → right-click Network → Map Network Drive

# Via cmd
net use Z: \\10.10.10.10\C$ password123 /user:administrator
```

```basic
# Map Drive
# Windows (Explorer): This PC -> Network -> right-click Network -> Map Network Drive
# Windows (cmd): map the share to Y:, then switch to it with Y:
net use Y: \\$ip\C$
net use Y: \\$ip\C$ /user:administrator Password
# Linux: list NFS exports (showmount queries NFS, not SMB)
showmount -e $ip
# Linux: mount the SMB share with CIFS
mount -t cifs -o "username=user,password=password" //$ip/share /mnt/share
mount -t cifs //$ip/share /mnt/shar
```
