# Samba with Linux

## Enumeration

With nmap `-sV` we can do an educated guess if the server is using <mark style="background-color:blue;">windows</mark> or <mark style="background-color:purple;">linux</mark>

```shell
-
# TCP
nmap $IP -sV -p 139,445

# UDP
nmap $IP -sU --top-port 25 --open

# Via scripts
nmap $IP -p 445 --script smb-os-discovery
```

<figure><img src="/files/Pt1TIp9OdfXoM60gkZTx" alt=""><figcaption></figcaption></figure>

## Metasploit way

### smb version

```bash
msfconsole
use auxiliary/scanner/smb/smb_version
set rhosts $IP
run
```

### shares

```bash
msfconsole
use auxiliary/scanner/smb/smb_enumshares
set rhosts $IP
run
```

## nmblookup

```shell
nmblookup -A $IP

```

## rpcclient

```bash
rpcclient -U "" -N $IP

srvinfo

enumdomusers

lookupnames admin
```

## enum4linux

```bash
# get OS
enum4linux -o $IP

# get users
enum4linux -U $IP

# get sharelist
enum4linux -S $IP

```

## # smbclient

To connect to smb shares

```bash
nmbclient -L $IP -N 

nmbclient //$IP/Public -N 
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://insecurecodes.gitbook.io/redbook/stages-of-ethical-hacking/enumeration/smb/samba-with-linux.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.