SMB | Port 139,445
Quick methods for enumerating SMB
Get the hostname or NetBIOS name
- nmblookup
nmblookup -A $IP
- nbtscan
nbtscan $IP
- Nmap Script
nmap --script=nbstat $IP -p139,445
- nbtstat
When enumerating from a Windows machine
nbtstat -A $IP
SMB Share and Null Session
- smbmap
Listing shares
smbmap -H $IP
- smbmap
User-specific share enumeration
smbmap -H $IP -u $USER -p $PASS
- smbclient
Listing shares
smbclient -L $IP
Accessing a share without a username and password
smbclient //$IP/Sharename
Listing and accessing a user-specific share
smbclient -L $IP -U USER%PASS
smbclient //$IP/share -U USER%PASS
- Nmap Script
Listing the shares using an NSE script
nmap --script smb-enum-shares -p139,445 $IP
- CrackMapExec
Automated enumeration of shares
crackmapexec smb 192.168.1.17 -u '' -p '' --shares
A username and password can be passed if you already have them.
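When reviewing what a null-session share listing exposes on a host you administer, the listing can be triaged mechanically. The script below is an added example, not part of the original page: it parses smbclient's grepable output (`smbclient -g -N -L //$IP`, flags that the page itself does not show) and separates visible disk shares from hidden `$` shares. The sample listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage the share list returned by an unauthenticated listing.
# Input format is smbclient's grepable output: Type|Name|Comment

# Constructed sample output, not captured from a real host.
SAMPLE_LISTING='Disk|print$|Printer Drivers
Disk|backups|Nightly backups
Disk|C$|Default share
IPC|IPC$|IPC Service (constructed sample)
Disk|public|'

# Print "name<TAB>comment" for each disk share whose name does not end in "$".
visible_disk_shares() {
    awk -F'|' '$1 == "Disk" && $2 !~ /\$$/ { printf "%s\t%s\n", $2, $3 }'
}

# Count hidden/administrative shares (name ends in "$") of any type.
hidden_share_count() {
    awk -F'|' 'NF >= 2 && $2 ~ /\$$/ { n++ } END { print n + 0 }'
}

# Summarise one listing under a host label (hypothetical helper).
report_listing() {
    host=$1; listing=$2
    visible=$(printf '%s\n' "$listing" | visible_disk_shares)
    hidden=$(printf '%s\n' "$listing" | hidden_share_count)
    if [ -z "$visible" ]; then
        echo "$host: no visible disk shares listed anonymously ($hidden hidden)"
        return 0
    fi
    echo "$host: review anonymous exposure ($hidden hidden shares also listed)"
    printf '%s\n' "$visible" | while IFS="$(printf '\t')" read -r name comment; do
        echo "  - $name ${comment:+($comment)}"
    done
}

report_listing "sample-host" "$SAMPLE_LISTING"
```

Any disk share that appears here without credentials should be checked against its intended access policy.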
References
- Hacking Articles: a great resource for more details on this service.