973 B
973 B
SMB
SMBClient
- Use
smbclient
to list the share
smbclient -L //$TARGET_IP/
- The protocol might be dated, try
smbclient -L //$TARGET_IP/ --option='client min protocol=NT1'
smbmap
- Repo
python3 -m pip install -r requirements.txt
Usage
-x
execute command on server-s
enumerate share
smbmap -u "admin" -p "password" -H "10.10.10.10" -x 'ipconfig'
Enumerate Domain Users
List users of the domain through leaked credentials of an SMB user
crackmapexec smb example.com -u lowperm_user -p 'securepassword!' --users
Continue trying the found password on the users discovered in the step before
crackmapexec smb example.com -u domain_users.txt -p 'securepassword!' --continue-on-success
Enumerate Writeable SMB shares
List writeable SMB shares for found domain users via impacket's psexec
psexec.py example.com/domain.user@example.com