Enumerating


### Enumeration :
>>>enum4linux -A $IP -oA enum4linux.txt
>>> smbmap -H $IP																				[checks for permission ]
>>> smbmap -u ceso -H $IP																		[ If We Have User:Pass ]
>>> smbmap -H $IP -v 
>>> nmblookup -A $IP
>>> crackmapexec smb $IP
>>> nbtscan -r $IP/24
>>> nmblookup -A $IP

----------------------------------------------------------------------------------------------------------------
###List Shares:
>>> smbclient -L $IP
----------------------------------------------------------------------------------------------------------------
### Null Sessions :
>>> rpcclient -U "" $IP
>>> /usr/share/doc/python3-impacket/examples/smbclient.py ""@$IP
----------------------------------------------------------------------------------------------------------------

### Vulnerability Scan :

>>> nmap --script=smb-vuln* --script-args=unsafe=1 -T5 $IP

>>> nmap -sV -Pn -vv -p 445 --script='(smb*) and not (brute or broadcast or dos or external or fuzzer)' --script-args=unsafe=1 $IP

>>> nmap --script smb-enum-*,smb-vuln-*,smb-ls.nse,smb-mbenum.nse,smb-os-discovery.nse,smb-print-text.nse,smb-psexec.nse,smb-security-mode.nse,smb-server-stats.nse,smb-system-info.nse,smb-protocols -p 139,445 $IP

>>> nmap --script smb-enum-domains.nse,smb-enum-groups.nse,smb-enum-processes.nse,smb-enum-sessions.nse,smb-enum-shares.nse,smb-enum-users.nse,smb-ls.nse,smb-mbenum.nse,smb-os-discovery.nse,smb-print-text.nse,smb-psexec.nse,smb-security-mode.nse,smb-server-stats.nse,smb-system-info.nse,smb-vuln-conficker.nse,smb-vuln-cve2009-3103.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-regsvc-dos.nse -p 139,445 $IP

Getting Version : 
>>> msfconsole; use scanner/smb/smb_version; set RHOSTS $ip; run

----------------------------------------------------------------------------------------------------------------
# rpcclient commands
>>> rpcclient -U "" $IP
	srvinfo
	enumdomusers
	getdompwinfo
	querydominfo
	netshareenum
	netshareenumall
----------------------------------------------------------------------------------------------------------------

### Run cmd over smb from linux
>>> winexe -U username //10.11.1.111 "cmd.exe" --system

----------------------------------------------------------------------------------------------------------------



====Aaj_Ki_Baat_Windows_Ke_Saath==========================→ 

### Mounting it in Windows with Powershell :
>>> New-PSDrive -Name "tools" -PSProvider "Filesystem" -Root "\\$IP\tools"
>>> net use z: \\$IP\tools"														     [ Without Power-Shell ]
----------------------------------------------------------------------------------------------------------------
### list mounteda shares :
>>> Get-SMBShare																				[ With Power-Shell ]
>>> net share																					[ Without Power-Shell ]

----------------------------------------------------------------------------------------------------------------

PreviousSamba NextAccessing

Last updated 2 years ago

### Enumeration : >>>enum4linux -A $IP -oA enum4linux.txt >>> smbmap -H $IP [checks for permission ] >>> smbmap -u ceso -H $IP [ If We Have User:Pass ] >>> smbmap -H $IP -v >>> nmblookup -A $IP >>> crackmapexec smb $IP >>> nbtscan -r $IP/24 >>> nmblookup -A $IP ---------------------------------------------------------------------------------------------------------------- ###List Shares: >>> smbclient -L $IP ---------------------------------------------------------------------------------------------------------------- ### Null Sessions : >>> rpcclient -U "" $IP >>> /usr/share/doc/python3-impacket/examples/smbclient.py ""@$IP ---------------------------------------------------------------------------------------------------------------- ### Vulnerability Scan : >>> nmap --script=smb-vuln* --script-args=unsafe=1 -T5 $IP >>> nmap -sV -Pn -vv -p 445 --script='(smb*) and not (brute or broadcast or dos or external or fuzzer)' --script-args=unsafe=1 $IP >>> nmap --script smb-enum-*,smb-vuln-*,smb-ls.nse,smb-mbenum.nse,smb-os-discovery.nse,smb-print-text.nse,smb-psexec.nse,smb-security-mode.nse,smb-server-stats.nse,smb-system-info.nse,smb-protocols -p 139,445 $IP >>> nmap --script smb-enum-domains.nse,smb-enum-groups.nse,smb-enum-processes.nse,smb-enum-sessions.nse,smb-enum-shares.nse,smb-enum-users.nse,smb-ls.nse,smb-mbenum.nse,smb-os-discovery.nse,smb-print-text.nse,smb-psexec.nse,smb-security-mode.nse,smb-server-stats.nse,smb-system-info.nse,smb-vuln-conficker.nse,smb-vuln-cve2009-3103.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-regsvc-dos.nse -p 139,445 $IP Getting Version : >>> msfconsole; use scanner/smb/smb_version; set RHOSTS $ip; run ---------------------------------------------------------------------------------------------------------------- # rpcclient commands >>> rpcclient -U "" $IP srvinfo enumdomusers getdompwinfo querydominfo netshareenum netshareenumall ---------------------------------------------------------------------------------------------------------------- ### Run cmd over smb from linux >>> winexe -U username //10.11.1.111 "cmd.exe" --system ---------------------------------------------------------------------------------------------------------------- ====Aaj_Ki_Baat_Windows_Ke_Saath==========================→ ### Mounting it in Windows with Powershell : >>> New-PSDrive -Name "tools" -PSProvider "Filesystem" -Root "\\$IP\tools" >>> net use z: \\$IP\tools" [ Without Power-Shell ] ---------------------------------------------------------------------------------------------------------------- ### list mounteda shares : >>> Get-SMBShare [ With Power-Shell ] >>> net share [ Without Power-Shell ] ----------------------------------------------------------------------------------------------------------------