Samba Enumeration for Penetration Testing - Short Tutorial
While engaging in penetration testing, you often found open ports 139 and port 445. This denotes smb, which stands for server message block. If it is available, this may be your jackpot and help you identify your target's entry point.
smb is a Windows-based network protocol, and the primary purpose of this protocol is to share files between different systems within the same network. Its primary purpose is to share files and printer devices. Windows-based desktops also use it for access to remote services.
I am trying to list all major tools and associated commands which can be used for smb enumeration.
enum4linux is developed in Perl and helps in enumerating data from Samba and Windows hosts. This tool is pre-installed on Kali Linux.
Nmap has so many scripts to gain a foothold on smb enumeration. First, list all scripts related to smb and run them accordingly using the commands below. Click Here for the Nmap cheat sheet for more useful commands.
#ls /usr/share/nmap/scripts | grep smb #nmap
--script <smb-scripts> [target-ip]
This tool helps in executing client-side MS-RPC functions.
#rpcclient -U "" -N [target-ip]
-U -> set the network username
-N -> not ask for password
This tool is similar to ftp utility. It helps the client to access SMB/CIFS resources on servers.
#smbclient -N -L \\\\[ip] #smbclient //MOUNT/share -I target -N
NetBIOS over TCP/IP client used to lookup NetBIOS names.
#nmblookup -A [target-ip]
These tools help in finding samba share drives across an entire domain.
#smbmap -u [username] -p [password] -H [target-ip]
In this article, we have seen 6 major tools that can be used for smb enumeration. Do comment if you use any of such tools. Also, comment if I miss something.
Subscribe us to receive more such articles updates in your email.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.