SMB
An SMB service can be used to enumerate users or important files that may be left unattended in one of the shares. It is important to be able to enumerate an SMB service properly to gather as much information as possible.
There are multiple protocols within SMB, with SMB 2.0 being the most widely used and SMB 3.0 being the latest entrant. CIFS is an early dialect of SMB and is no longer used because of its maintenance complexity and the security issues that come with it.
NMAP Scripts
Nmap scripts can be used to enumerate various information from an SMB service and also to scan it for vulnerabilities. A simple enumeration of the shares can be done using the following command,
In the Kali operating system, various scripts for enumeration and vulnerability scanning can be found under the path "/usr/share/nmap/scripts/".
Enum4linux
Enum4linux is another SMB enumeration tool that can be used for gathering information about the service. An all-encompassing scan can be done using the following command,
The "-a" flag will run all the tests against the SMB service and list all the information collected.
-U - This flag can be used to list the users on the server
-S - This flag will list all the shares on the server
-P - This flag displays the password policy
-o - This flag gives information about the operating system
-l - This flag will provide limited information about the LDAP service on the system
-i - This flag will display any printer info that may be available
-n - This flag lists the NetBIOS information on the server
SMBClient
SMBClient can be used for interacting with the shares on the SMB server.
The following command can be used to access the available folders and files,
Once at the smbclient command prompt, files can be downloaded and uploaded, permissions changed, etc. The following command is used to download a file,
When accessing Windows shares, the backslash "\" has to be used as the path separator. On a Linux system the shell treats "\" as an escape character, so each "\" has to be escaped with another "\". So the command may look like,
smbclient \\\\192.168.1.10\\home
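The escaping rule above, as an added example that is not part of the original page: it shows what a program receives once the shell has processed the backslashes, and rejects a path that was under-escaped. The helper names as_received and unc_to_slash are hypothetical; smbclient also accepts the forward-slash form //server/share, which avoids the escaping altogether.

```shell
#!/bin/sh
# Added example: what smbclient actually receives after the shell has
# processed the backslashes in a UNC path. Address is the page's sample.

# Echo one argument back exactly as a program would receive it.
as_received() { printf '%s' "$1"; }

# Hypothetical helper (not part of Samba): convert a UNC path to the
# //server/share form, or fail if the backslashes were already eaten.
unc_to_slash() {
    path=$(printf '%s' "$1" | tr '\\' '/')
    case $path in
        //?*/?*) printf '%s\n' "$path" ;;
        *) printf 'not a UNC path: %s\n' "$1" >&2; return 1 ;;
    esac
}

escaped=$(as_received \\\\192.168.1.10\\home)  # every \\ collapses to \
quoted=$(as_received '\\192.168.1.10\home')    # single quotes keep \ as-is
broken=$(as_received \\192.168.1.10\home)      # under-escaped

printf 'escaped : %s\n' "$escaped"
printf 'quoted  : %s\n' "$quoted"
printf 'broken  : %s\n' "$broken"

for p in "$escaped" "$quoted" "$broken"; do
    if slash=$(unc_to_slash "$p" 2>/dev/null); then
        printf 'ok      : %s\n' "$slash"
    else
        printf 'rejected: %s\n' "$p"
    fi
done
```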
SMBMAP
Another tool for accessing an SMB share,
Crackmapexec
Crackmapexec is an enumeration tool for various services, and it can be used on an SMB share to get a list of shared folders and to validate whether a username and password are valid.
Mount SMB Share
Besides browsing through the files on the server, the share can also be mounted on the local machine so that you can browse through the files as you would on an NFS share.
The following command can be used to mount the share on your local machine,
-t - This option is used to indicate the type of filesystem. Supported filesystems are usually ext2, ext3, ext4, xfs, btrfs, vfat, sysfs, proc, nfs and cifs (most commonly found).