Samba with Linux

Enumeration

With nmap -sV we can do an educated guess if the server is using windows or linux

-
# TCP
nmap $IP -sV -p 139,445

# UDP
nmap $IP -sU --top-port 25 --open

# Via scripts
nmap $IP -p 445 --script smb-os-discovery

msfconsole
use auxiliary/scanner/smb/smb_version
set rhosts $IP
run

msfconsole
use auxiliary/scanner/smb/smb_enumshares
set rhosts $IP
run

nmblookup -A $IP

rpcclient -U "" -N $IP

srvinfo

enumdomusers

lookupnames admin

# get OS
enum4linux -o $IP

# get users
enum4linux -U $IP

# get sharelist
enum4linux -S $IP

To connect to smb shares

nmbclient -L $IP -N 

nmbclient //$IP/Public -N

Last updated 3 years ago