PentOpsVault @syztem4our666


Port 139,445/SMB


Enumeration

OS Fingerprinting

nmap -p 139,445 --script smb-os-discovery <target_ip>

Version Detection

nmap -p 139,445 --script smb-protocols <target_ip>

With smbmap

smbmap -H $ip -u " "
smbmap -H 10.10.11.222 -u " "

Pentesting SMB

We can try to log in and list the network shares on the domain using a tool called smbmap. Any username can be used for this, as long as we can get in anonymously.

smbmap -H 10.10.189.115 -u anonymous

Enumerating Shares

smbclient -L \\\\<IP> -U <username>
smbclient \\\\<IP>\\<SMB-FOLDER> -U <username>
smbmap -H <target_ip> -u <username>

User Enumeration

enum4linux -a <target_ip>

Brute Forcing

hydra -t 1 -V -f -l <username> -P /usr/share/wordlists/rockyou.txt smb://<target_ip>
