Samba Enumeration for Penetration Testing - Short Tutorial

While engaging in penetration testing, you often found open ports 139 and port 445. This denotes smb, which stands for server message block. If it is open, this may be your jackpot and help you identify your target's entry point.

smb is a Windows-based network protocol, and the primary purpose of this protocol to share files between different systems within the same network. Its main purpose is to share files and printer devices. Windows-based desktops also use it for access to remote services.

I am trying to list all major tools and associated commands which can be used for smb enumeration.

Tools Used:

(1) enum4linux

enum4linux is developed in Perl and helps in enumerating data from Samba and Windows hosts. This tool is pre-installed on Kali Linux.

#enum4linux [ip]

(2) Nmap

Nmap has so many scripts to gain a foothold on smb enumeration. First, list out all scripts related to smb and run it accordingly by using the below commands. Click Here for the Nmap cheat sheet for more useful commands.

#ls /usr/share/nmap/scripts | grep smb 
#nmap --script <smb-scripts> [target-ip]

(3) rpcclient

This tool help in executing client side MS-RPC functions.

#rpcclient -U "" -N [target-ip]

-U -> set the network username

-N -> not ask for password

(4) smbclient

This tool is similar to ftp utility. It helps client to access SMB/CIFS resources on servers.

#smbclient -N -L \\\\[ip]
#smbclient //MOUNT/share -I target -N

(5) nmblookup

NetBIOS over TCP/IP client used to lookup NetBIOS names.

#nmblookup -A [target-ip]

(6) smbmap

This tools help in finding samba share drives across an entire domain.

#smbmap -u [username] -p [password] -H [target-ip]

Conclusion

In this article, we have seen 6 major tools that can be used for smb enumeration. Do comment if you use any of such tools. Also, comment if I miss something.

Subscribe us to receive more such articles updates in your email.

If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.

You may also like...

Leave a Reply

Your email address will not be published.