SMB Pentest Checklist
2022-6-30 16:20:0

SMB Enumeration

smbmap -H IP_Address          //Check Privileges

smbmap -H IP_Address -R --depth 5

smbclient -L //IP_Address            //List Shares

smbclient //IP_Address/share      //Interactive shell to a share

smbclient \\\\IP_Address\\share$     //Open a Null Session

smbclient //friendzone.htb/general -U ""    //see files inside

smbclient -N -L //IP_Address      //List Shares as Null User

[email protected]         //Enter pass later

smbmap -u Administrator -p '[email protected]' -H IP_Address

smbclient -U 'administrator%[email protected]' \\\\IP_Address\\c$

Once logged in:

put filename               //can upload any file

#access SMB shares via Windows CMD
net view \\IP_Address /All

#Using Kerberos ticket with Smbclient
smbclient -k -L //IP_Address

#Basic SMB & OS info
crackmapexec smb IP_Address

#List Shares
crackmapexec smb IP_Address --shares

#If the password needs to be changed
smbpasswd -U username -r IP_Address

#access SMB using a hash

smbclient //IP_Address/share -U username --pw-nt-hash 07772ae654432cd618915793515asds

#Starting SMB Server
sudo share $(pwd)

#Brute forcing SMB Creds
crackmapexec smb IP_Address -u users.txt -p passwords.txt

#passing blank creds via smb
crackmapexec smb IP_Address --shares -u '' -p ''

#Bruteforcing SMB using hashes
proxychains crackmapexec -t 15 smb IP_Address -u users -H hashes --no-bruteforce --continue-on-success

SMB Enum using Nmap 

#SMB Users Enum
nmap --script smb-enum-users.nse -p445 IP_Address

#SMB OS Discovery
nmap --script smb-os-discovery IP_Address

#SMB Shares Enum
nmap --script smb-enum-shares -p139,445 IP_Address
nmap --script smb-enum-shares IP_Address

#SMB Vuln Scan
nmap --script smb-vuln* IP_Address

#SMB Shares Enum using RPCClient
rpcclient -U "" -N IP_Address

#Enum Using Metasploit
use auxiliary/scanner/smb/smb_enumshares
set rhosts IP_Address
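
A defender-side companion to the null-session and credential brute-force checks above, as an added example that is not part of the original checklist. It scans Windows Security log records for one source failing network logons (event 4625, logon type 3) against many accounts, and for successful ANONYMOUS LOGON sessions (event 4624); the CSV layout, sample records, and thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs).
# Assumed layout: time,event_id,logon_type,target_user,source_ip
SAMPLE_EVENTS = """\
2022-06-30T16:20:01,4625,3,alice,10.0.0.50
2022-06-30T16:20:02,4625,3,bob,10.0.0.50
2022-06-30T16:20:03,4625,3,carol,10.0.0.50
2022-06-30T16:20:04,4625,3,dave,10.0.0.50
2022-06-30T16:20:05,4624,3,ANONYMOUS LOGON,10.0.0.50
2022-06-30T16:25:00,4625,3,erin,10.0.0.77
2022-06-30T17:40:00,4625,3,erin,10.0.0.77
2022-06-30T17:41:00,4624,2,erin,10.0.0.77
"""

def parse(text):
    for line in text.splitlines():
        if line.strip():
            ts, eid, ltype, user, ip = line.split(",")
            yield datetime.fromisoformat(ts), int(eid), int(ltype), user, ip

def detect(text, window=timedelta(minutes=5), min_users=4):
    """Return (brute_force_sources, null_session_sources) as sorted IP lists."""
    failures = defaultdict(list)      # source ip -> [(time, target user)]
    null_sessions = set()
    for ts, eid, ltype, user, ip in parse(text):
        if ltype != 3:                # SMB authentication is a network logon
            continue
        if eid == 4625:               # failed logon
            failures[ip].append((ts, user))
        elif eid == 4624 and user.upper() == "ANONYMOUS LOGON":
            null_sessions.add(ip)     # baseline these: some are benign
    spray = set()
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):        # sliding time window
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({u for _, u in events[start:end + 1]}) >= min_users:
                spray.add(ip)
                break
    return sorted(spray), sorted(null_sessions)

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

Counting distinct target accounts per source, rather than raw failures, keeps a single user mistyping a password (10.0.0.77 in the sample) from triggering the alert.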