search
GitHubPsMapExec

Ports 139 | 445 | SMB

hashtag
Enumeration

Identify SMB running on a host. List only open ports.

sudo nmap -sT -sU -sV -p135,137,138,139,445 --open <IP>

hashtag
Nmap Scripts

# Enumerate shares
nmap --script smb-enum-shares -p 445 <IP>
# OS Discovery
nmap --script smb-os-discovery -p 445 <IP>
# Enumerate Users
nmap --script=smb-enum-users -p 445 <IP>
# All
nmap --script=smb-enum-users,smb-enum-shares,smb-os-discovery -p 139,445 <IP>

hashtag
NULL / Anonymous Login

# On some configuration omitting '-N' will grant access.
smbclient -U '' -L \\\\<IP> 

smbclient -U '' -N -L \\\\<IP> 
smbclient -U '%' -N -L \\\\<IP>
smbclient -U '%' -N \\\\<IP>\\<Folder>

# Enter a random username with no password and try for anonymous login.
crackmapexec smb <IP> -u 'anonymous' -p ''

crackmapexec smb <IP> -u '' -p ''
crackmapexec smb <IP> -u '' -p '' --shares

hashtag
Authenticated

hashtag
Download Files

hashtag
Tools

hashtag
Enum4Linux

Run batch commands against a target.

hashtag
Crackmapexec

Command execution and enumeration from Linux

hashtag
PsMapExec

Command execution and enumeration from Windows

hashtag
User Enumeration

hashtag
Nmap

hashtag
Exploits

hashtag
Samba

hashtag
CVE-2007-2447 Samba Symlink Directory Traversalarrow-up-right

Platform
Link

Metasploit

auxiliary/admin/smb/samba_symlink_traversal

GitHub

https://github.com/amriunix/CVE-2007-2447arrow-up-right

hashtag

hashtag

hashtag

Last updated