139 Yaml
This commit is contained in:
parent
3f06798973
commit
48ac35f1a0
@ -451,50 +451,53 @@ Protocol_Name: SMB #Protocol Abbreviation if there is one.
|
||||
Port_Number: 137,138,139 #Comma separated if there is more than one.
|
||||
Protocol_Description: Server Message Block #Protocol Abbreviation Spelled out
|
||||
|
||||
Name: Notes
|
||||
Description: Notes for SMB
|
||||
Note: """
|
||||
While Port 139 is known technically as ‘NBT over IP’, Port 445 is ‘SMB over IP’. SMB stands for ‘Server Message Blocks’. Server Message Block in modern language is also known as Common Internet File System. The system operates as an application-layer network protocol primarily used for offering shared access to files, printers, serial ports, and other sorts of communications between nodes on a network.
|
||||
Entry_1:
|
||||
Name: Notes
|
||||
Description: Notes for SMB
|
||||
Note: |
|
||||
While Port 139 is known technically as ‘NBT over IP’, Port 445 is ‘SMB over IP’. SMB stands for ‘Server Message Blocks’. Server Message Block in modern language is also known as Common Internet File System. The system operates as an application-layer network protocol primarily used for offering shared access to files, printers, serial ports, and other sorts of communications between nodes on a network.
|
||||
|
||||
#These are the commands I run in order every time I see an open SMB port
|
||||
#These are the commands I run in order every time I see an open SMB port
|
||||
|
||||
With No Creds
|
||||
nbtscan {IP}
|
||||
smbmap -H {IP}
|
||||
smbmap -H {IP} -u null -p null
|
||||
smbclient -N -L //{IP}
|
||||
smbclient -N //{IP}/ --option="client min protocol"=LANMAN1
|
||||
rpcclient {IP}
|
||||
rpcclient -U "" {IP}
|
||||
crackmapexec smb {IP}
|
||||
crackmapexec smb {IP} --pass-pol -u "" -p ""
|
||||
GetADUsers.py -dc-ip {IP} "{Domain_Name}/" -all
|
||||
GetNPUsers.py -dc-ip {IP} -request "{Domain_Name}/" -format hashcat
|
||||
GetUserSPNs.py -dc-ip {IP} -request "{Domain_Name}/"
|
||||
getArch.py -target {IP}
|
||||
With No Creds
|
||||
nbtscan {IP}
|
||||
smbmap -H {IP}
|
||||
smbmap -H {IP} -u null -p null
|
||||
smbclient -N -L //{IP}
|
||||
smbclient -N //{IP}/ --option="client min protocol"=LANMAN1
|
||||
rpcclient {IP}
|
||||
rpcclient -U "" {IP}
|
||||
crackmapexec smb {IP}
|
||||
crackmapexec smb {IP} --pass-pol -u "" -p ""
|
||||
GetADUsers.py -dc-ip {IP} "{Domain_Name}/" -all
|
||||
GetNPUsers.py -dc-ip {IP} -request "{Domain_Name}/" -format hashcat
|
||||
GetUserSPNs.py -dc-ip {IP} -request "{Domain_Name}/"
|
||||
getArch.py -target {IP}
|
||||
|
||||
With Creds
|
||||
smbmap -H {IP} -u {Username} -p {Password}
|
||||
smbclient -h "\\\\{IP}\\\" -U {Domain_Name} -W {Username} -l {IP}
|
||||
smbclient -h "\\\\{IP}\\\" -U {Domain_Name} -W {Username} -l {IP} --pw-nt-hash `hash`
|
||||
crackmapexec smb {IP} -u {Username} -p {Password} --shares
|
||||
GetADUsers.py {Domain_Name}/{Username}:{Password} -all
|
||||
GetNPUsers.py {Domain_Name}/{Username}:{Password} -request -format hashcat
|
||||
GetUserSPNs.py {Domain_Name}/{Username}:{Password} -request
|
||||
With Creds
|
||||
smbmap -H {IP} -u {Username} -p {Password}
|
||||
smbclient -h "\\\\{IP}\\\" -U {Domain_Name} -W {Username} -l {IP}
|
||||
smbclient -h "\\\\{IP}\\\" -U {Domain_Name} -W {Username} -l {IP} --pw-nt-hash `hash`
|
||||
crackmapexec smb {IP} -u {Username} -p {Password} --shares
|
||||
GetADUsers.py {Domain_Name}/{Username}:{Password} -all
|
||||
GetNPUsers.py {Domain_Name}/{Username}:{Password} -request -format hashcat
|
||||
GetUserSPNs.py {Domain_Name}/{Username}:{Password} -request
|
||||
|
||||
https://book.hacktricks.xyz/pentesting/pentesting-smb
|
||||
"""
|
||||
https://book.hacktricks.xyz/pentesting/pentesting-smb
|
||||
|
||||
Name: Enum4Linux
|
||||
Description: General SMB Scan
|
||||
Command: """enum4linux -a {IP}"""
|
||||
Entry_2:
|
||||
Name: Enum4Linux
|
||||
Description: General SMB Scan
|
||||
Command: enum4linux -a {IP}
|
||||
|
||||
Name: Nmap SMB Scan 1
|
||||
Description: SMB Vuln Scan With Nmap
|
||||
Command: """nmap -p 139,445 -vv -Pn --script=smb-vuln-cve2009-3103.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-ms17-010.nse {IP}"""
|
||||
Entry_3:
|
||||
Name: Nmap SMB Scan 1
|
||||
Description: SMB Vuln Scan With Nmap
|
||||
Command: nmap -p 139,445 -vv -Pn --script=smb-vuln-cve2009-3103.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-ms17-010.nse {IP}
|
||||
|
||||
Name: Nmap Smb Scan 2
|
||||
Description: SMB Vuln Scan With Nmap (Less Specific)
|
||||
Command: """nmap --script smb-vuln* -Pn -p 139,445 {IP}"""
|
||||
Entry_4:
|
||||
Name: Nmap Smb Scan 2
|
||||
Description: SMB Vuln Scan With Nmap (Less Specific)
|
||||
Command: nmap --script smb-vuln* -Pn -p 139,445 {IP}
|
||||
```
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user