CoolHandSquid 2021-08-15 14:12:30 -04:00 committed by GitHub
parent 3f06798973
commit 48ac35f1a0


@ -451,50 +451,53 @@ Protocol_Name: SMB #Protocol Abbreviation if there is one.
Port_Number: 137,138,139 #Comma separated if there is more than one. Port_Number: 137,138,139 #Comma separated if there is more than one.
Protocol_Description: Server Message Block #Protocol Abbreviation Spelled out Protocol_Description: Server Message Block #Protocol Abbreviation Spelled out
Name: Notes Entry_1:
Description: Notes for SMB Name: Notes
Note: """ Description: Notes for SMB
While Port 139 is known technically as NBT over IP, Port 445 is SMB over IP. SMB stands for Server Message Blocks. Server Message Block in modern language is also known as Common Internet File System. The system operates as an application-layer network protocol primarily used for offering shared access to files, printers, serial ports, and other sorts of communications between nodes on a network. Note: |
While Port 139 is known technically as NBT over IP, Port 445 is SMB over IP. SMB stands for Server Message Blocks. Server Message Block in modern language is also known as Common Internet File System. The system operates as an application-layer network protocol primarily used for offering shared access to files, printers, serial ports, and other sorts of communications between nodes on a network.
#These are the commands I run in order every time I see an open SMB port #These are the commands I run in order every time I see an open SMB port
With No Creds With No Creds
nbtscan {IP} nbtscan {IP}
smbmap -H {IP} smbmap -H {IP}
smbmap -H {IP} -u null -p null smbmap -H {IP} -u null -p null
smbclient -N -L //{IP} smbclient -N -L //{IP}
smbclient -N //{IP}/ --option="client min protocol"=LANMAN1 smbclient -N //{IP}/ --option="client min protocol"=LANMAN1
rpcclient {IP} rpcclient {IP}
rpcclient -U "" {IP} rpcclient -U "" {IP}
crackmapexec smb {IP} crackmapexec smb {IP}
crackmapexec smb {IP} --pass-pol -u "" -p "" crackmapexec smb {IP} --pass-pol -u "" -p ""
GetADUsers.py -dc-ip {IP} "{Domain_Name}/" -all GetADUsers.py -dc-ip {IP} "{Domain_Name}/" -all
GetNPUsers.py -dc-ip {IP} -request "{Domain_Name}/" -format hashcat GetNPUsers.py -dc-ip {IP} -request "{Domain_Name}/" -format hashcat
GetUserSPNs.py -dc-ip {IP} -request "{Domain_Name}/" GetUserSPNs.py -dc-ip {IP} -request "{Domain_Name}/"
getArch.py -target {IP} getArch.py -target {IP}
With Creds With Creds
smbmap -H {IP} -u {Username} -p {Password} smbmap -H {IP} -u {Username} -p {Password}
smbclient -h "\\\\{IP}\\\" -U {Domain_Name} -W {Username} -l {IP} smbclient -h "\\\\{IP}\\\" -U {Domain_Name} -W {Username} -l {IP}
smbclient -h "\\\\{IP}\\\" -U {Domain_Name} -W {Username} -l {IP} --pw-nt-hash `hash` smbclient -h "\\\\{IP}\\\" -U {Domain_Name} -W {Username} -l {IP} --pw-nt-hash `hash`
crackmapexec smb {IP} -u {Username} -p {Password} --shares crackmapexec smb {IP} -u {Username} -p {Password} --shares
GetADUsers.py {Domain_Name}/{Username}:{Password} -all GetADUsers.py {Domain_Name}/{Username}:{Password} -all
GetNPUsers.py {Domain_Name}/{Username}:{Password} -request -format hashcat GetNPUsers.py {Domain_Name}/{Username}:{Password} -request -format hashcat
GetUserSPNs.py {Domain_Name}/{Username}:{Password} -request GetUserSPNs.py {Domain_Name}/{Username}:{Password} -request
https://book.hacktricks.xyz/pentesting/pentesting-smb https://book.hacktricks.xyz/pentesting/pentesting-smb
"""
Name: Enum4Linux Entry_2:
Description: General SMB Scan Name: Enum4Linux
Command: """enum4linux -a {IP}""" Description: General SMB Scan
Command: enum4linux -a {IP}
Name: Nmap SMB Scan 1 Entry_3:
Description: SMB Vuln Scan With Nmap Name: Nmap SMB Scan 1
Command: """nmap -p 139,445 -vv -Pn --script=smb-vuln-cve2009-3103.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-ms17-010.nse {IP}""" Description: SMB Vuln Scan With Nmap
Command: nmap -p 139,445 -vv -Pn --script=smb-vuln-cve2009-3103.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-ms17-010.nse {IP}
Name: Nmap Smb Scan 2 Entry_4:
Description: SMB Vuln Scan With Nmap (Less Specific) Name: Nmap Smb Scan 2
Command: """nmap --script smb-vuln* -Pn -p 139,445 {IP}""" Description: SMB Vuln Scan With Nmap (Less Specific)
Command: nmap --script smb-vuln* -Pn -p 139,445 {IP}
``` ```
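Review bot: The new `Note: |` literal block (right-hand side of the line beginning `While Port 139 is known technically as NBT over IP`) only keeps its content if every following line up to `Entry_2:` is indented deeper than the `Note:` key; the rendered view drops leading whitespace so that cannot be confirmed here, and an unindented `#These are the commands I run in order ...` line would be read as a YAML comment and terminate the block early. If this file is consumed by a YAML parser, a round-trip load of the SMB section before merging would catch that. The `Entry_2:` through `Entry_4:` blocks move their `Command:` values from `"""..."""` to plain scalars, which stop at ` #` and may not contain `: `, so any later command containing either will need quoting or its own `|` block. Separately, `Command: nmap --script smb-vuln* -Pn -p 139,445 {IP}` leaves the glob unquoted; if the consumer passes the value through a shell, `smb-vuln*` can be expanded against the working directory before nmap sees it, so storing it as `--script "smb-vuln*"` is the safer form.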