139 Yaml
parent 3f06798973
commit 48ac35f1a0
@ -451,50 +451,53 @@ Protocol_Name: SMB #Protocol Abbreviation if there is one.
|
|||||||
Port_Number: 137,138,139 #Comma separated if there is more than one.
|
Port_Number: 137,138,139 #Comma separated if there is more than one.
|
||||||
Protocol_Description: Server Message Block #Protocol Abbreviation Spelled out
|
Protocol_Description: Server Message Block #Protocol Abbreviation Spelled out
|
||||||
|
|
||||||
Name: Notes
|
Entry_1:
|
||||||
Description: Notes for SMB
|
Name: Notes
|
||||||
Note: """
|
Description: Notes for SMB
|
||||||
While Port 139 is known technically as ‘NBT over IP’, Port 445 is ‘SMB over IP’. SMB stands for ‘Server Message Blocks’. Server Message Block in modern language is also known as Common Internet File System. The system operates as an application-layer network protocol primarily used for offering shared access to files, printers, serial ports, and other sorts of communications between nodes on a network.
|
Note: |
|
||||||
|
While Port 139 is known technically as ‘NBT over IP’, Port 445 is ‘SMB over IP’. SMB stands for ‘Server Message Blocks’. Server Message Block in modern language is also known as Common Internet File System. The system operates as an application-layer network protocol primarily used for offering shared access to files, printers, serial ports, and other sorts of communications between nodes on a network.
|
||||||
|
|
||||||
#These are the commands I run in order every time I see an open SMB port
|
#These are the commands I run in order every time I see an open SMB port
|
||||||
|
|
||||||
With No Creds
|
With No Creds
|
||||||
nbtscan {IP}
|
nbtscan {IP}
|
||||||
smbmap -H {IP}
|
smbmap -H {IP}
|
||||||
smbmap -H {IP} -u null -p null
|
smbmap -H {IP} -u null -p null
|
||||||
smbclient -N -L //{IP}
|
smbclient -N -L //{IP}
|
||||||
smbclient -N //{IP}/ --option="client min protocol"=LANMAN1
|
smbclient -N //{IP}/ --option="client min protocol"=LANMAN1
|
||||||
rpcclient {IP}
|
rpcclient {IP}
|
||||||
rpcclient -U "" {IP}
|
rpcclient -U "" {IP}
|
||||||
crackmapexec smb {IP}
|
crackmapexec smb {IP}
|
||||||
crackmapexec smb {IP} --pass-pol -u "" -p ""
|
crackmapexec smb {IP} --pass-pol -u "" -p ""
|
||||||
GetADUsers.py -dc-ip {IP} "{Domain_Name}/" -all
|
GetADUsers.py -dc-ip {IP} "{Domain_Name}/" -all
|
||||||
GetNPUsers.py -dc-ip {IP} -request "{Domain_Name}/" -format hashcat
|
GetNPUsers.py -dc-ip {IP} -request "{Domain_Name}/" -format hashcat
|
||||||
GetUserSPNs.py -dc-ip {IP} -request "{Domain_Name}/"
|
GetUserSPNs.py -dc-ip {IP} -request "{Domain_Name}/"
|
||||||
getArch.py -target {IP}
|
getArch.py -target {IP}
|
||||||
|
|
||||||
With Creds
|
With Creds
|
||||||
smbmap -H {IP} -u {Username} -p {Password}
|
smbmap -H {IP} -u {Username} -p {Password}
|
||||||
smbclient -h "\\\\{IP}\\\" -U {Domain_Name} -W {Username} -l {IP}
|
smbclient -h "\\\\{IP}\\\" -U {Domain_Name} -W {Username} -l {IP}
|
||||||
smbclient -h "\\\\{IP}\\\" -U {Domain_Name} -W {Username} -l {IP} --pw-nt-hash `hash`
|
smbclient -h "\\\\{IP}\\\" -U {Domain_Name} -W {Username} -l {IP} --pw-nt-hash `hash`
|
||||||
crackmapexec smb {IP} -u {Username} -p {Password} --shares
|
crackmapexec smb {IP} -u {Username} -p {Password} --shares
|
||||||
GetADUsers.py {Domain_Name}/{Username}:{Password} -all
|
GetADUsers.py {Domain_Name}/{Username}:{Password} -all
|
||||||
GetNPUsers.py {Domain_Name}/{Username}:{Password} -request -format hashcat
|
GetNPUsers.py {Domain_Name}/{Username}:{Password} -request -format hashcat
|
||||||
GetUserSPNs.py {Domain_Name}/{Username}:{Password} -request
|
GetUserSPNs.py {Domain_Name}/{Username}:{Password} -request
|
||||||
|
|
||||||
https://book.hacktricks.xyz/pentesting/pentesting-smb
|
https://book.hacktricks.xyz/pentesting/pentesting-smb
|
||||||
"""
|
|
||||||
|
|
||||||
Name: Enum4Linux
|
Entry_2:
|
||||||
Description: General SMB Scan
|
Name: Enum4Linux
|
||||||
Command: """enum4linux -a {IP}"""
|
Description: General SMB Scan
|
||||||
|
Command: enum4linux -a {IP}
|
||||||
|
|
||||||
Name: Nmap SMB Scan 1
|
Entry_3:
|
||||||
Description: SMB Vuln Scan With Nmap
|
Name: Nmap SMB Scan 1
|
||||||
Command: """nmap -p 139,445 -vv -Pn --script=smb-vuln-cve2009-3103.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-ms17-010.nse {IP}"""
|
Description: SMB Vuln Scan With Nmap
|
||||||
|
Command: nmap -p 139,445 -vv -Pn --script=smb-vuln-cve2009-3103.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-ms17-010.nse {IP}
|
||||||
|
|
||||||
Name: Nmap Smb Scan 2
|
Entry_4:
|
||||||
Description: SMB Vuln Scan With Nmap (Less Specific)
|
Name: Nmap Smb Scan 2
|
||||||
Command: """nmap --script smb-vuln* -Pn -p 139,445 {IP}"""
|
Description: SMB Vuln Scan With Nmap (Less Specific)
|
||||||
|
Command: nmap --script smb-vuln* -Pn -p 139,445 {IP}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
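Review bot: The three `Command:` values at the end of the hunk (Entry_2 to Entry_4) lose their `"""` wrapper and become plain YAML scalars, while `Note:` moves to a `|` literal block. In a plain scalar a ` #` silently truncates the value and a `: ` fails to parse, so a later edit to one of these commands can change what the consumer receives. Suggest the same `|` block (or single quotes) for `Command:` so both fields are read verbatim. Two carried-over points are worth fixing while these lines are being touched: in the `With Creds` lines, `-U {Domain_Name} -W {Username}` looks reversed, since smbclient takes the user with `-U` and the workgroup with `-W`; and the header still reads `Port_Number: 137,138,139` although the note text and both Nmap entries cover 445.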