search

smb :135 :139 :445

hashtag
version check

  • msf:use auxiliary/scanner/smb/smb_version

hashtag
brute force

  • msf:use auxiliary/scanner/ssh/ssh_login

hashtag
vuln-check

The following are checks for old smb exploits, which I've seen a lot of times when doing old HTB boxes. Hence, have documented these for whenever I come across old smb version.

$ nmap -p 139,445 --script-args=unsafe=1 --script /usr/share/nmap/scripts/smb-os-discovery IP

# test for known smb vulns 
# cve2009-3103: ms09-050
nmap --script=smb-vuln-cve2009-3103.nse -p 139,445 IP
nmap --script=smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-ms17-010.nse -p 139,445 IP

# exploit down
nmap -Pn --script smb-vuln-cve-2017-7494 --script-args smb-vuln-cve-2017-7494.check-version -p139,445 IP

# using NMAP lto enumerate shares:
nmap -p 139,445 --script=smb-enum-shares.nse,smb-enum-users.nse IP

hashtag
smbclient | smbmap

hashtag
enum4linux

hashtag
Shares (nfs, cifs)

hashtag
Viewing

hashtag
Mounting:

NOTE:

hashtag
VHD

NOTE:

hashtag
unmount

PreviousrpcNextsmtp :25

Last updated