Port 139,445/SMB

Enumeration

enum4linux -a IP

nmap -p 139,445 --script smb-os-discovery <target_ip>

nmap -p 139,445 --script smb-protocols <target_ip>

smbmap -H $ip -u " "
smbmap -H 10.10.11.222 -u " "

We can try to login to see the network shares on the domain using a tool called smbmap.

smbmap -H 10.10.189.115 -u anonymous

smbclient \\\\<IP>\\ -U <username>
smbclient \\\\<IP>\\<SMB-FOLDER> -U <username>
smbmap -H <target_ip> -u <username>

hydra -t 1 -V -f -l <username> -P /usr/share/wordlists/rockyou.txt smb://<target_ip>