445 - Pentesting SMB

NetExec

netexec is the latest tool which can be used to enumerate SMB protocol

make a list of ips in a file and then used the below command

netexec smb ips.txt

this will try to list all the shares

netexec smb ips.txt -u users.txt -p passwords.txt

we can see shares as well using netexec

netexec smb ips.txt -u users.txt -p passwords.txt --shares

We can use smbclient to list the shares and login to the shares as well

smbclient -N -L //10.10.11.236

when we have a username and password we can try this

smbclient -L \\\\10.0.9.158\\ -U noc
Password for [WORKGROUP\noc]:

smbclient \\\\10.0.9.158\\IPC$ -U noc

now use the following commands and it will recursively download all the files in your kali linux

smb: \> recurse ON  
smb: \> prompt OFF  
smb: \> mget *

#after this you can find any file using the find command

find . -type f

smbmap -H 10.0.9.158 -u username -p password

smbmap -H 10.0.9.158 -u username -p 'password' -r IPC$

smbmap -H 10.0.9.158 -u username -p 'password' -r IPC$ -A eventlog

if you see status password must change, then you can change the password of that user using impacket-smbpasswd

impacket-smbpasswd baby.vl/[email protected] -newpass 'Test1234!'

Last updated 10 months ago