Samba with Linux
Enumeration
With nmap -sV we can make an educated guess as to whether the server is running Windows or Linux.
# TCP
nmap $IP -sV -p 139,445
# UDP
nmap $IP -sU --top-ports 25 --open
# Via scripts
nmap $IP -p 445 --script smb-os-discovery

Metasploit way
smb version
msfconsole
use auxiliary/scanner/smb/smb_version
set rhosts $IP
run
shares
msfconsole
use auxiliary/scanner/smb/smb_enumshares
set rhosts $IP
run
nmblookup
nmblookup -A $IP
rpcclient
rpcclient -U "" -N $IP
srvinfo
enumdomusers
lookupnames admin
enum4linux
# get OS
enum4linux -o $IP
# get users
enum4linux -U $IP
# get share list
enum4linux -S $IP
smbclient
To list and connect to SMB shares:
smbclient -L $IP -N
smbclient //$IP/Public -N