SMB

Smbclient

Description

Command

List shares on machine

smbclient -L

List shares using username and password

smbclient -L -U username%password

Connect to a valid share with username + password

smbclient /// -U username%password

List files on a specific share

smbclient /// -c 'ls' password -U username

List files on a specific share folder inside the share

smbclient /// -c 'cd folder; ls' password -U username

Download a file from a specific share folder

smbclient /// -c 'cd folder;get desired_file_name' password -U username

enum4linux

Description

Command

General enumeration - authenticated session

enum4linux -a -u -p

Users enumeration

enum4linux -u -p -U

Password policy

enum4linux -u -p -P

Nmap

Description

Command

Enumerate users

nmap -p 445 --script smb-enum-users --script-args

Enumerate groups

map -p 445 --script smb-enum-groups --script-args

Enumerate Shares

nmap -p 445 --script smb-enum-shares --script-args

Enumerate OS

nmap -p 445 --script smb-os-discovery

References

LogoGitHub - irgoncalves/smbclient_cheatsheet: Useful commands/tricks using smbclient/nmap in a pentesting/auditing/redteamingGitHub

PreviousEnumerationNextExploitation

Last updated

Was this helpful?