Scan for SMB hosts
- nmap -sS -p 139,445 target-ip/range
Run nbtscan to obtain netbios info
- nbtscan -v target-ip
* smbmap -H ip -u anonymous
* smbmap -H ip -u anonymous -r –depth 5
* smbmap -d domain -u user -p password -H x.x.x.x
* smbmap -d domain -u user -p password -H x.x.x.x -R sharename (list files in share)
* smbclient -c “recurse;ls” //x.x.x.x/SYSVOL -U domain\\user%password
* smbclient -L //ip
* smbclient \\\\IP\\ADMIN$ -U user
* get filename
* Copy Folders
smbclient ‘\\server\share’
mask “”
recurse ON
prompt OFF
cd ‘path\to\remote\dir’
lcd ‘~/path/to/download/to/’
mget *
RootSecurity 