
SMB

::: nmap
# nmap --script nbstat.nse [ip_addr]
# nmap --script smb-os-discovery [ip_addr]
# nmap --script smb-enum-shares -p139,445 [ip_addr]
# nmap --script smb-vuln* [ip_addr]
# nmap --script smb-system-info [ip_addr]
# nmap --script smb-enum-users [ip_addr]
# nmap --script smb-brute.nse -p445 [ip_addr]
# nmap --script smb-ls [ip_addr]

-- merge the scripts "enumerating and listing shares"
# nmap --script smb-enum-shares,smb-ls [ip_addr]

-- use smbtype
# nmap --script smb-brute.nse --script-args smbtype=v2

::: smbclient
# smbclient -L [ip_addr]
# smbclient //[ip_addr]/[share_name]
# get [filename]

-null session
# smbclient -N -L \\\\[ip_addr]

::: smbmap
"allows users to enumerate samba share drives across an entire domain, enumerate, etc."
# smbmap -H [ip_addr]
# smbmap -H [ip_addr] -u [user] -p [password]
# smbmap -H [ip_addr] -R

flags:
-R = recursive

::: nmblookup
"resolve hostname/IP"
# nmblookup -A [ip_addr]

::: nbtscan
"retrieve NetBIOS computer name, logged-in user name and MAC address"
# nbtscan [ip_addr]

::: nbtstat
"displays NetBIOS over TCP/IP (NetBT) protocol statistics, NetBIOS name tables for both the local computer and remote computers, and the NetBIOS name cache"
# nbtstat -A [ip_addr]

::: netview
"displays a list of domains, computers, or resources that are being shared by the specified computer."
net view \\[ip_addr] /All

::: metasploit
- enum shares
use auxiliary/scanner/smb/smb_enumshares
- brute force SID lookups
use auxiliary/scanner/smb/smb_lookupsid

::: enum4linux
# enum4linux -A [ip_addr]
# enum4linux -S [ip_addr]

flags:
-A = all
-S = shares
-o = OS
-l = ldap info