Programmerboy Pentesting Stuff

445 - Pentesting SMB

NetExec

netexec is the latest tool that can be used to enumerate the SMB protocol.

Banner Grabbing of IPs using netexec

Make a list of IPs in a file and then use the command below.

netexec smb ips.txt 

Password Spraying using netexec

This will try to list all the shares.

netexec smb ips.txt -u users.txt -p passwords.txt 
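
The defender's view of the spray above, as an added example that is not part of the original notes: it flags a source that fails logons against many distinct accounts in a short window, and lists accounts that returned STATUS_PASSWORD_MUST_CHANGE. The record layout, thresholds, and sample events are assumptions constructed for illustration, modelled on fields of Windows Security event 4625.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real logs). Assumed layout: time, source IP,
# target user and failure code taken from Windows Security event 4625.
EVENTS = [
    ("2024-05-01T10:00:01", "10.0.9.50", "alice", "0xC000006A"),
    ("2024-05-01T10:00:02", "10.0.9.50", "bob",   "0xC000006A"),
    ("2024-05-01T10:00:03", "10.0.9.50", "carol", "0xC0000224"),
    ("2024-05-01T10:00:04", "10.0.9.50", "dave",  "0xC000006A"),
    ("2024-05-01T10:01:00", "10.0.9.77", "erin",  "0xC000006A"),  # one user
    ("2024-05-01T10:01:20", "10.0.9.77", "erin",  "0xC000006A"),  # mistyping
    ("2024-05-01T08:00:00", "10.0.9.80", "frank", "0xC000006A"),  # four users,
    ("2024-05-01T09:00:00", "10.0.9.80", "grace", "0xC000006A"),  # but hours
    ("2024-05-01T10:00:00", "10.0.9.80", "heidi", "0xC000006A"),  # apart
    ("2024-05-01T11:00:00", "10.0.9.80", "ivan",  "0xC000006A"),
]
# 0xC000006A = wrong password, 0xC0000224 = STATUS_PASSWORD_MUST_CHANGE
MUST_CHANGE = "0xc0000224"


def detect_spray(events, window=timedelta(minutes=5), min_users=4):
    """Return {source_ip: sorted users} for sources whose failed logons hit
    at least min_users distinct accounts inside one sliding time window."""
    by_src = defaultdict(list)
    for ts, src, user, _code in events:
        by_src[src].append((datetime.fromisoformat(ts), user.lower()))
    alerts = {}
    for src, rows in by_src.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans <= `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            users = {u for _, u in rows[start:end + 1]}
            if len(users) >= min_users:
                alerts[src] = sorted(users)
                break
    return alerts


def must_change_accounts(events):
    """Accounts that failed with STATUS_PASSWORD_MUST_CHANGE: the password
    supplied was accepted, so rotate it before the account is used again."""
    return sorted({u.lower() for _, _, u, c in events if c.lower() == MUST_CHANGE})
```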

Netexec to see shares

We can also list shares using netexec.

netexec smb ips.txt -u users.txt -p passwords.txt --shares

SMBClient

List Shares using SMBClient

We can use smbclient to list the shares and to log in to them as well.

smbclient -N -L //10.10.11.236

List Shares with User and Pass

When we have a username and password, we can try this:

smbclient -L \\\\10.0.9.158\\ -U noc
Password for [WORKGROUP\noc]:

Download files using SMBClient

Log in to SMB:

smbclient \\\\10.0.9.158\\IPC$ -U noc

Now use the following commands; they will recursively download all the files to your Kali Linux machine.

smb: \> recurse ON  
smb: \> prompt OFF  
smb: \> mget *

# After this, you can find any file using the find command

find . -type f

SMBMAP

List Shares using SMBMAP

smbmap -H 10.0.9.158 -u username -p password

Directory Structure Listing of a Share Recursively

smbmap -H 10.0.9.158 -u username -p 'password' -r IPC$

Download files from Shares using SMBMAP

smbmap -H 10.0.9.158 -u username -p 'password' -r IPC$ -A eventlog

STATUS_PASSWORD_MUST_CHANGE

If you see STATUS_PASSWORD_MUST_CHANGE, you can change the password of that user using impacket-smbpasswd.

impacket-smbpasswd baby.vl/Caroline.Robinson@10.10.88.65 -newpass 'Test1234!'

Last updated 2 months ago