Port 139, 445 - SMB

Scanning:

nmap --script "smb-vuln*" -p 139,445 -Pn $target
nmap -v -p 139,445 -oG smb.txt 10.11.1.1-254
nmap 10.11.1.220 --script=smb-os-discovery
nbtscan -r 10.11.1.0/24
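
Added example (not part of the original notes): a small parser for the grepable file written by the `-oG smb.txt` scan above. It lists which hosts report 139/445 as open, so SMB exposure can be inventoried and checked against firewall policy. The sample lines and the function name `smb_exposure` are constructed for illustration.

```python
import re
import sys

# Constructed sample of nmap grepable (-oG) output; hosts are illustrative.
SAMPLE_GNMAP = """\
# Nmap scan initiated as: nmap -v -p 139,445 -oG smb.txt 10.11.1.1-254
Host: 10.11.1.5 ()\tStatus: Up
Host: 10.11.1.5 ()\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///
Host: 10.11.1.8 ()\tStatus: Up
Host: 10.11.1.8 ()\tPorts: 139/closed/tcp//netbios-ssn///, 445/filtered/tcp//microsoft-ds///
Host: 10.11.1.31 (fileserver.lab)\tPorts: 139/filtered/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (0)
# Nmap done
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)")


def smb_exposure(gnmap_text, ports=(139, 445)):
    """Return {ip: sorted list of the given TCP ports that nmap reported open}."""
    exposed = {}
    for line in gnmap_text.splitlines():
        match = HOST_RE.match(line)
        if not match:
            continue  # comment lines and anything that is not a host record
        # Host records are tab-separated fields; only "Ports:" carries port state.
        for field in line.split("\t"):
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                # Each entry is port/state/protocol/owner/service/rpc/version/
                parts = entry.strip().split("/")
                if len(parts) < 3 or not parts[0].isdigit():
                    continue
                port, state, proto = int(parts[0]), parts[1], parts[2]
                # "filtered" and "closed" are not counted as exposure.
                if proto == "tcp" and state == "open" and port in ports:
                    exposed.setdefault(match.group(1), set()).add(port)
    return {ip: sorted(found) for ip, found in exposed.items()}


if __name__ == "__main__":
    # With a path argument, parse that file; otherwise use the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_GNMAP
    for ip, found in smb_exposure(text).items():
        print(ip, ",".join(str(p) for p in found))
```
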

Enumerate Users

enum4linux -A $IP
  • Accepts creds as arguments

Test For Access Level

crackmapexec smb $target -u guest -p "" --shares

Spider Shares [with Pattern]

crackmapexec smb $target -u 'username' -p 'password' --spider sharename --pattern txt

Spider_Plus

  • Lists all files and saves the result as JSON

crackmapexec smb $target -u 'username' -p 'password' -M spider_plus

Download Everything

smbmap -H $IP -R -A .
  • Use the --exclude flag for shares you don't need

  • Use the --depth flag if you don't need everything in a folder

Mount Share

mount -t cifs //$IP/share /mnt/share
mount -t cifs -o username=$user //$IP/share /mnt/share

RPCClient

rpcclient -U "" $IP

Eternalblue Manual Compilation: https://root4loot.com/post/eternalblue_manual_exploit/
