Skip to main content

Port 139-445 SMB

Basic checklist

Enumerate Hostname

nmblookup -A [ip]

List Shares

smbmap -H [ip/hostname]

echo exit | smbclient -L \\\\[ip]

nmap --script smb-enum-shares -p 139,445 [ip]

Check Null sessions

smbmap -H [ip/hostname]

rpcclient -U "" -N [ip]

smbclient \\\\[ip]\\[share name]

Tools ref

nmblookup - collects NetBIOS over TCP/IP client used to lookup NetBIOS names.
smbclient - an ftp-like client to access SMB shares
rpcclient - tool to execute client side MS-RPC functions
enum4linux - enumerates various smb functions
wireshark

Basic checklist
Tools ref