🔮
P4n1cBook
  • 🏴‍☠️Welcome!
    • 🔮P4n1cBook
    • 📚Bookmarks
    • 🚨Licence and Disclaimer
  • Fundamentals
    • Starter Kit
      • Linux
      • PowerShell
      • Git
      • 💾Regex
      • Network Analysis
        • curl
        • tcpdump
        • Nmap
        • 🦈Wireshark
      • Metasploit
    • 🌐Network Protocols
      • ICMP
      • SSH
      • Telnet
      • DNS
      • FTP
      • HTTP/HTTPS
      • SMB
      • SNMP
      • SMTP
      • NFS
      • IPP
      • WinRM
      • LLMNR
      • JDWP
    • Code
      • Python Essentials
      • C & C++
    • Web APIs
      • GraphQL
    • Shells/TTYs
    • Dorks
    • Cryptography
    • Reverse Engineering
      • GDB
      • Binaries
  • Web Exploitation
    • Web Enumeration
      • User Endpoints
      • Web Fuzzing
        • ffuf
        • feroxbuster
        • Gobuster
        • GoWitness
      • Web Servers
        • Apache
        • Nginx
        • Werkzeug
      • Databases
        • MySQL
        • NoSQL
          • MongoDB
          • Redis
      • Web Services/Frameworks
        • Wordpress
        • Laravel
        • Express
        • Magento
        • AIOHTTP
        • HashiCorp Vault
        • Tiny File Manager
        • Joomla
        • CMS Made Simple
        • 🌵Cacti
        • Tomcat
        • Zabbix
        • OpenNetAdmin
        • ImageMagick
    • Vulnerabilities
      • Arbitrary File Read
      • Session Hijacking
      • SSRF
      • Eval Injection
      • Template Manipulation
      • Path Traversal
      • Prototype Pollution
      • XXE
      • Deserialization
      • Log Poisoning
      • Arbitrary Command Execution
      • SQLi
        • SQLmap
      • SSI
      • SSTI
      • LFI
      • XSS
    • Java-based web application
      • Struts
      • .WAR
      • pd4ml.jar
  • Cloud Exploitation
    • Kubernetes
    • AWS
  • Post Exploitation
    • File Transfer
      • Exfiltration
    • Credential Dumping
      • Thunderbird
    • Lateral Movement
    • Persistence
    • Linux Privilege Escalation
      • Static Binaries
      • Enumeration
      • Hijacks
      • Command Injection
      • Jailbreaks
      • Binary Exploitation - Linux
      • Kernel Exploits
      • Buffer Overflow - Linux
      • Docker
      • Abusing Wildcards
  • Wireless Exploitation
    • NFC
Powered by GitBook
On this page
Edit on GitHub
  1. Fundamentals
  2. Network Protocols

SMB

Server Message Block - Ports 445/139

smbclient

Without Credentials

List Resource list
smbclient -L <IP>
List Null session
smbclient -N <IP>
List User Share
smbclient //IP/<SHARE> -U <USER>
Connect to share
smbclient -N \\\\IP\Share
Without Credentials
smbclient --no-pass //IP/<Share>
Resources list + Null session
smbclient -L \\10.10.10.123 -N
Upload PHP reverse shell
smbclient -N //10.10.10.123/Development -c 'put cmd.php tokyo.php

Download a File

Type this sequence
recurse
prompt
mget *
Enumeration
Nmap Scan
nmap --script smb-enum-shares.nse -p445 10.10.10.123
Stealthy Nmap Scan
nmap -n -Pn -vv -O -sV -script smb-enum*,smb-ls,smb-mbenum,smb-os-discovery,smb-s*,smb-vuln*,smbv2* -vv 192.168.1.1
Metasploit Module
use auxiliary/scanner/smb/smb_enumshares

smbmap

Connect to host
smbmap -H <IP>
Connect with credentials
smbmap -H <IP> -d <dns> -u '<user>' -p '<pass>'
List Share
smbmap -H <IP> -r <SHARE>
SAMBA
Download file
smbget -U <User> smb://IP/<SHARE_LOCATION> / --download
NTLM Relay Attacks

Capture the Hash
responder -I eth0 -dwv
Relay the hash
impacket-ntrlrelayx -tf target.txt -smb2support -c <payload>
PreviousHTTP/HTTPSNextSNMP

Last updated 2 months ago

🌐