SMB

SMB stands for Server Message Block, it is a network communication protocol used to share files, printers and other resources between network devices. It is a Microsoft proprietary protocol used in Windows operating systems.

Samba, on the other hand, is a free and open source implementation of the SMB protocol, which is mainly used on Unix and Linux based operating systems. Samba provides a way to share files and resources between network devices running different operating systems, such as Windows and Linux.

One of the tools we use for the reconnaissance phase is 'smbmap'. Smbmap is a command line tool used to enumerate shares and permissions on an SMB (Server Message Block) or Samba server. It is a very useful tool for network enumeration and for identifying potential security vulnerabilities.

Also, another tool seen in this class is 'smbclient'. Smbclient is another command line tool used to interact with SMB and Samba servers, but unlike smbmap which is mainly used for enumeration, smbclient provides a command line interface for interacting with SMB and Samba shares, allowing downloading and uploading files, executing remote commands, browsing the remote file system, among other functionalities.

Finally, another tool we use at the end of the class to enumerate the Samba service is 'Crackmapexec'. CrackMapExec (also known as CME) is a command-line penetration testing tool used to perform security audits in Active Directory environments. CME is based on the Python 'impacket' libraries and is compatible with Windows, Linux and macOS operating systems.

  • enumeration

    nmap -p 443,445 --script= smb-enum-shares.nse,smb-enum-users.nse IP
    

  • list the shared resource at the system level in the work

    enum4linux IP                  # enumeration general 
    smbmap -H IP                    # show the permission
    smbclient -L IP -N                # -N is null session because not have credentials
    

  • connected at smb

    smbclient //IP/folder -N           # folder have permissions 
    smbmap -H IP -u 'admin' -p 'password'
    

  • uploads files

    smbget -R smb://IP/folder
    dir                # list the content
    put file.txt        # upload
    get file.txt        # download
    del file.txt        # delete
    

  • create mount for multiples files or folders in SMB

    mount -t cifs //IP/folder  /mydirectory -o username=null,password=null,domain=,rw # rw is for mount with read and write capacity
    

  • dismount the files
    umount mountname
    rm -rf mountname
    

tool crackmapexec expert in SMB only for Windows machine

Was this page helpful?