The Red Book
Samba with Linux


Last updated 2 years ago

Enumeration

With nmap -sV we can make an educated guess as to whether the server is running Windows or Linux.

# TCP
nmap $IP -sV -p 139,445

# UDP
nmap $IP -sU --top-ports 25 --open

# Via scripts
nmap $IP -p 445 --script smb-os-discovery

Metasploit way

smb version

msfconsole
use auxiliary/scanner/smb/smb_version
set rhosts $IP
run

shares

msfconsole
use auxiliary/scanner/smb/smb_enumshares
set rhosts $IP
run

nmblookup

nmblookup -A $IP

rpcclient

rpcclient -U "" -N $IP

srvinfo

enumdomusers

lookupnames admin

enum4linux

# get OS
enum4linux -o $IP

# get users
enum4linux -U $IP

# get sharelist
enum4linux -S $IP

smbclient

To list and connect to SMB shares:

# list the shares without a password
smbclient -L $IP -N

# connect to the Public share without a password
smbclient //$IP/Public -N
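
From the defender's side, the password-less logins used above (rpcclient -U "" -N, smbclient -N) depend on the Samba server's guest and anonymous-access settings. The following is an added example, not part of the original page: a shell function that audits an smb.conf for those settings. The function names and the sample configuration are constructed for illustration; include files and line continuations are not handled.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Flags smb.conf settings that
# permit the anonymous access the -N / -U "" commands above depend on.

# Reads smb.conf from the given file, or from stdin if no file is passed.
audit_smb_conf() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    BEGIN { ra = 0 }                          # Samba default: restrict anonymous = 0
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    /^[ \t]*\[.*\][ \t]*$/ {                  # [section] header
      s = trim($0); section = substr(s, 2, length(s) - 2); next
    }
    {
      eq = index($0, "="); if (eq == 0) next
      key = tolower(substr($0, 1, eq - 1))
      gsub(/[ \t]/, "", key)                  # Samba ignores whitespace in parameter names
      val = tolower(trim(substr($0, eq + 1)))
      is_global = (tolower(section) == "global")
      if ((key == "guestok" || key == "public") && (val == "yes" || val == "true" || val == "1"))
        print "FINDING [" section "] guest access allowed without a password"
      else if (is_global && key == "maptoguest" && val != "never")
        print "FINDING [global] map to guest = " val " (some failed logins are mapped to guest)"
      else if (is_global && key == "restrictanonymous")
        ra = val + 0
    }
    END {
      if (ra < 2)
        print "FINDING [global] restrict anonymous = " ra " (2 refuses anonymous connections)"
    }
  ' "$@"
}

# Constructed sample configuration, for demonstration only.
sample_smb_conf() {
  cat <<'EOF'
[global]
   workgroup = WORKGROUP
   map to guest = Bad User
; guest ok = yes   (commented out, ignored)
[Public]
   path = /srv/public
   Guest OK = Yes
[private]
   path = /srv/private
   guest ok = no
EOF
}

sample_smb_conf | audit_smb_conf
```

On a real host, run it as audit_smb_conf /etc/samba/smb.conf and compare the findings with the effective configuration printed by testparm -s.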