139,445 - SMB

Content below is pulled from:

SMB has two ports, 445 and 139.

Using nmap scripts to enumerate SMB shares and users

nmap -p 139,445 -T4 --script=smb-enum-shares.nse,smb-enum-users.nse <victim_ip>

Using enum4linux to enumerate SMB shares

enum4linux.pl <victim_ip>

Anonymous SMB login

smbclient //<victim_ip>/anonymous

Anonymous SMB login and list available shares

smbclient -N -L //<victim_ip>

Check null session

rpcclient -U "" -N <victim_ip>

Connect to share as null

smbclient -N //<victim_ip>/IPC$

Recursively download SMB share

smbget -R smb://<victim_ip>/anonymous

Last updated 3 years ago