SMBMap is a powerful tool for enumerating SMB (Server Message Block) shares on a network. It helps in identifying accessible shares, their permissions, and their contents. This guide will walk you through using SMBMap to enumerate SMB shares.

How to Install SMBMap

SMBMap is a Python-based tool. Clone the repository and install its dependencies with the pip package manager:

git clone https://github.com/ShawnDEvans/smbmap.git smbmap
cd smbmap
python3 -m pip install -r requirements.txt

SMBMap Features

  • Pass-the-Hash Support
  • File upload/download/delete
  • Permission enumeration (writable share, meet Metasploit)
  • Remote Command Execution
  • Distributed file content searching (beta!)
  • File name matching (with an auto download capability)

SMBMap Help

usage: smbmap.py [-h] (-H HOST | --host-file FILE)
                 [-u USERNAME] [-p PASSWORD | --prompt]
                 [-s SHARE] [-d DOMAIN] [-P PORT] [-v] [--admin]
                 [--no-banner] [--no-color] [--no-update]
                 [-x COMMAND] [--mode CMDMODE]
                 [-L | -R [PATH] | -r [PATH]]
                 [-A PATTERN | -g FILE | --csv FILE]
                 [--dir-only] [--no-write-check] [-q] [--depth DEPTH]
                 [--exclude SHARE [SHARE ...]]
                 [-F PATTERN] [--search-path PATH]
                 [--search-timeout TIMEOUT]
                 [--download PATH] [--upload SRC DST]
                 [--delete PATH TO FILE] [--skip]

Enumerate Remote Samba Service

No Authentication

smbmap -H 192.168.1.91

With Authentication

smbmap -H 192.168.1.91 -u "admin" -p "admin"

Null Session

smbmap -H 192.168.1.91 -u "" -p ""

SMBMap Managing Files

Download

Upload

Remote Command Execution

smbmap -H 192.168.1.91 -u "admin" -p "admin" -x whoami
smbmap -H 192.168.1.91 -u "admin" -p "admin" -x 'POWERSHELL Reverse SHELL'

Search Files on Remote Share

smbmap --host-file ~/Desktop/smb-workstation-sml.txt \
  -u NopSec \
  -p 'NopSec1234!' \
  -d widgetworld \
  -F '[1-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9][0-9][0-9]'
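
The same pattern can be run by a share owner against the local directory that backs a share, to find files holding NNN-NN-NNNN formatted numbers (the shape of a US Social Security number) before they are exposed over SMB. This is an added example, not part of the original guide or of the SMBMap project; scan_tree, demo, BOUNDED and MAX_BYTES are hypothetical names, the sample files are constructed, and the boundary checks around the pattern are an added assumption.

```python
import os
import re
import tempfile

# Pattern exactly as passed to -F in the command above.
PAGE_PATTERN = r"[1-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9][0-9][0-9]"
# Assumption (not on the page): boundaries keep longer digit runs from matching.
BOUNDED = re.compile(r"(?<![0-9-])" + PAGE_PATTERN + r"(?![0-9-])")
MAX_BYTES = 5 * 1024 * 1024  # hypothetical cap: skip very large files


def scan_tree(root, regex=BOUNDED):
    """Return {relative_path: [line numbers]} for text files that match."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.islink(path) or os.path.getsize(path) > MAX_BYTES:
                    continue
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable: re-run with an account that can read it
            if b"\x00" in data[:1024]:
                continue  # crude binary-file check
            text = data.decode("utf-8", errors="replace")
            lines = [n for n, l in enumerate(text.splitlines(), 1) if regex.search(l)]
            if lines:
                hits[os.path.relpath(path, root)] = lines
    return hits


def demo():
    samples = {  # constructed sample data, not real records
        os.path.join("hr", "onboarding.txt"): "name: test user\nid: 123-45-6789\n",
        "orders.csv": "order,ref\n1,9123-45-67890\n",
        "readme.txt": "nothing sensitive here\n",
    }
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "hr"))
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(body)
        return scan_tree(root, re.compile(PAGE_PATTERN)), scan_tree(root)


if __name__ == "__main__":
    print(dict(zip(("page pattern", "bounded"), demo())))
```

The unbounded pattern also flags the order reference in orders.csv because it matches inside a longer digit run; the bounded form reports only the HR file.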

https://github.com/ShawnDEvans/smbmap
