Shikata Ga Nai
Enumerating SMB


Last updated 4 years ago


SMB (Server Message Block) has had a poor security track record over the years. Its services run on ports 445 or 139. Our initial nmap scan will probably find the SMB service.
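To pull the SMB hosts out of that initial scan, the added example below (not part of the original page) filters nmap's grepable output (`-oG`) for hosts with 139/tcp or 445/tcp open. The function names `smb_hosts` and `sample_scan` are hypothetical, and the scan lines are constructed sample data using documentation addresses.

```shell
#!/bin/sh
# Added example: list hosts whose nmap grepable (-oG) output shows SMB ports open.
# Usage against a real scan file: smb_hosts scan.gnmap

# Constructed sample of -oG output (sections are tab-separated, as nmap writes them).
sample_scan() {
  printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 445/open/tcp//microsoft-ds///\n'
  printf 'Host: 192.0.2.11 ()\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (998)\n'
  printf 'Host: 192.0.2.12 ()\tPorts: 80/open/tcp//http///, 445/filtered/tcp//microsoft-ds///\n'
  printf 'Host: 192.0.2.13 ()\tPorts: 1445/open/tcp//unknown///\n'
}

# Print "<host> <open SMB ports>" for every host with 139/tcp or 445/tcp open.
# Reads the files given as arguments, or stdin when there are none.
smb_hosts() {
  awk '
    /Ports:/ {
      host = $2                      # second field of "Host: <ip> (<name>)"
      found = ""
      sub(/^.*Ports: /, "")          # keep only the port list ...
      sub(/\t.*$/, "")               # ... and drop any later tab-separated section
      n = split($0, entries, /, */)  # entries look like port/state/proto/owner/service/...
      for (i = 1; i <= n; i++) {
        split(entries[i], f, "/")
        # Exact string match on the port so 1445 or 4450 are not mistaken for SMB;
        # filtered or closed ports are skipped.
        if ((f[1] == "139" || f[1] == "445") && f[2] == "open" && f[3] == "tcp")
          found = found (found == "" ? "" : ",") f[1]
      }
      if (found != "") print host, found
    }
  ' "$@"
}
```

Running `sample_scan | smb_hosts` lists only the two hosts that actually expose SMB, which is the set to carry into the tools below or into a firewall review.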

Tools

nbtscan has the ability to scan entire subnets for SMB shares.

smbclient can interact with an SMB service. Use "-L \\\\<IP>\\" to list its shares with an anonymous login.

SMBMap allows enumerating shares across an entire domain. It is designed with pentesting in mind and is meant to be easy to use.

enum4linux.

Metasploit: auxiliary/scanner/smb/smb_version.

cheatsheet