139/445 SMB

The SMB (Server Message Block) protocol, usually running on TCP ports 139/445, is used to share resources such as files or printers on a local network.

SMB shares can be accessed manually by entering smb://[ip] in the Other Locations tab of your respective OS. Recon usually consists of enumerating shares and the SMB version, the end goal ideally being to access them.

Listing Shares with SMBCLIENT

The following command:

$ smbclient -L //myhost/

will allow us to list the available shares if we have valid credentials or if anonymous share listing is allowed. One can also list a specific share by specifying said share:

smbclient -L \\\\[ip]\\$COMPANY

If we have a set of valid credentials, we can specify a username with the -U option:

$ smbclient -L //myhost/ -U johnathan
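
As an added example (not part of the original page), the script below parses `smbclient -L` output so an administrator can check which disk shares their own server reveals in a listing, for instance to an anonymous session. The sample listing is constructed, and the function names `parse_shares` and `exposed_disk_shares` are hypothetical.

```shell
#!/bin/sh
# Added example: inventory the shares shown in `smbclient -L` output.

# Constructed sample of a share listing (not captured from a real host).
SAMPLE_LISTING='
    Sharename       Type      Comment
    ---------       ----      -------
    print$          Disk      Printer Drivers
    Shared Docs     Disk      Team documents
    backups         Disk
    IPC$            IPC       IPC Service (constructed sample)

SMB1 disabled -- no workgroup available'

# parse_shares: read a listing on stdin, print "name<TAB>type" per share.
parse_shares() {
    awk '
        /^[ \t]*Sharename[ \t]+Type/          { in_table = 1; next }
        in_table && /^[ \t]*-+[ \t]+-+/       { next }               # rule under the header
        in_table && /^[ \t]*$/                { in_table = 0; next } # blank line ends the table
        in_table {
            sub(/^[ \t]+/, "")
            line = $0 " "   # trailing space so a row without a comment still matches
            # The type column is the first Disk/IPC/Printer token after whitespace;
            # everything before it is the share name, which may contain spaces.
            if (match(line, /[ \t]+(Disk|IPC|Printer)[ \t]/)) {
                name = substr(line, 1, RSTART - 1)
                type = substr(line, RSTART, RLENGTH)
                gsub(/[ \t]/, "", type)
                printf "%s\t%s\n", name, type
            }
        }'
}

# exposed_disk_shares: Disk shares whose name does not end in "$"
# (names ending in "$" are hidden/administrative shares).
exposed_disk_shares() {
    parse_shares | awk -F '\t' '$2 == "Disk" && $1 !~ /\$$/ { print $1 }'
}

# Against a server you administer, feed it a passwordless listing instead:
#   smbclient -N -L //myhost/ | exposed_disk_shares
printf '%s\n' "$SAMPLE_LISTING" | exposed_disk_shares
```

Any share name printed for a passwordless (`-N`) listing is visible without credentials and is worth reviewing in the server's share configuration.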

Connecting to Shares with SMBCLIENT

Actually connecting to a share is pretty straightforward, honestly:

$ smbclient //myhost/$COMPANY

The -U flag can be used to specify a username if need be.

SMB commands to grab stuff

smb: \> mask ""
smb: \> recurse ON
smb: \> prompt OFF
smb: \> mget *
