445 - Pentesting SMB
NetExec
NetExec (netexec) is the latest tool that can be used to enumerate the SMB protocol.
Banner Grabbing of IPs using netexec
Put the list of IPs in a file, then run the command below.
netexec smb ips.txt
Password Spraying using netexec
This tries the usernames in users.txt with the passwords in passwords.txt against the hosts in ips.txt.
netexec smb ips.txt -u users.txt -p passwords.txt
Netexec to see shares
netexec can also list the shares when --shares is added.
netexec smb ips.txt -u users.txt -p passwords.txt --shares
SMBClient
List Shares using SMBClient
We can use smbclient to list the shares and to log in to them. The -N option skips the password prompt.
smbclient -N -L //10.10.11.236
List Shares with User and Pass
When we have a username and password, we can try this:
smbclient -L \\\\10.0.9.158\\ -U noc
Password for [WORKGROUP\noc]:

Download files using SMBClient
Log in to SMB
smbclient \\\\10.0.9.158\\IPC$ -U noc

Now use the following commands at the smb prompt; they recursively download all the files to your Kali Linux machine.
smb: \> recurse ON
smb: \> prompt OFF
smb: \> mget *
# After this, you can locate any downloaded file from your local shell using the find command
find . -type f
SMBMAP
List Shares using SMBMAP
smbmap -H 10.0.9.158 -u username -p password

Directory Structure Listing of a Share Recursively
smbmap -H 10.0.9.158 -u username -p 'password' -r IPC$

Download files from Shares using SMBMAP
smbmap -H 10.0.9.158 -u username -p 'password' -r IPC$ -A eventlog

STATUS_PASSWORD_MUST_CHANGE
If you see STATUS_PASSWORD_MUST_CHANGE, you can change that user's password using impacket-smbpasswd.
impacket-smbpasswd baby.vl/[email protected] -newpass 'Test1234!'
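The password spraying and STATUS_PASSWORD_MUST_CHANGE sections above, seen from the detection side, as an added example that is not part of the original page: it flags a source that fails logons against many accounts in a short window, then picks out accounts where the response shows the guessed password was valid. The event tuples are constructed sample data shaped like Windows Security event 4625 fields, and the 5-minute window and 4-account threshold are assumptions to tune.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: (time, source IP, target account, SubStatus) as they
# would be pulled from Windows Security event 4625 (failed network logon).
# 0xC000006A = wrong password.
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:01", "10.0.9.50", "alice", "0xC000006A"),
    ("2024-01-10T09:00:03", "10.0.9.50", "bob",   "0xC000006A"),
    ("2024-01-10T09:00:05", "10.0.9.50", "carol", "0xC0000224"),
    ("2024-01-10T09:00:07", "10.0.9.50", "dave",  "0xC000006A"),
    ("2024-01-10T09:00:09", "10.0.9.50", "noc",   "0xC000006A"),
    ("2024-01-10T10:30:00", "10.0.9.50", "eve",   "0xC000006A"),
    ("2024-01-10T09:10:00", "10.0.9.77", "bob",   "0xC000006A"),
    ("2024-01-10T09:11:00", "10.0.9.77", "bob",   "0xC000006A"),
    ("2024-01-10T09:12:00", "10.0.9.77", "bob",   "0xC000006A"),
]

STATUS_PASSWORD_MUST_CHANGE = 0xC0000224  # password was correct, change is forced


def detect_spray(events, window=timedelta(minutes=5), min_users=4):
    """Map each source IP to the accounts it failed against when at least
    min_users distinct accounts were hit inside one sliding window."""
    by_src = defaultdict(list)
    for ts, src, user, _sub in events:
        by_src[src].append((datetime.fromisoformat(ts), user.lower()))
    hits = {}
    for src, rows in by_src.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # drop attempts older than the window
            users = {u for _, u in rows[start:end + 1]}
            if len(users) >= min_users:
                hits.setdefault(src, set()).update(users)
    return {src: sorted(users) for src, users in hits.items()}


def guessed_accounts(events, sources):
    """Accounts where a flagged source got STATUS_PASSWORD_MUST_CHANGE,
    meaning the sprayed password was valid: reset these first."""
    return sorted({user.lower() for _ts, src, user, sub in events
                   if src in sources and int(sub, 16) == STATUS_PASSWORD_MUST_CHANGE})


if __name__ == "__main__":
    flagged = detect_spray(SAMPLE_EVENTS)
    print(flagged, guessed_accounts(SAMPLE_EVENTS, flagged))
```

The single user retrying one account from 10.0.9.77 is not flagged, which is the distinction from brute force that a per-account lockout counter misses.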
