SMBMap Enumerating Samba
Posted in: Penetration Testing Tools

SMBMap: Full Guide Enumerating SMB

How to Install SMBMap

git clone https://github.com/ShawnDEvans/smbmap.git smbmap
cd smbmap
python3 -m pip install -r requirements.txt

SMBMap Features

  • Pass-the-Hash Support
  • File upload/download/delete
  • Permission enumeration (writable share, meet Metasploit)
  • Remote Command Execution
  • Distributed file content searching (beta!)
  • File name matching (with an auto download capability)

SMB Help

usage: smbmap.py

[-h] (-H HOST | --host-file FILE) 
[-u USERNAME] [-p PASSWORD | --prompt] 
[-s SHARE]
[-d DOMAIN]
[-P PORT] [-v] 
[--admin]
[--no-banner] 
[--no-color] 
[--no-update] 
[-x COMMAND] 
[--mode CMDMODE]
[-L | -R [PATH]
-r [PATH]] 
[-A PATTERN
-g FILE
--csv FILE] 
[--dir-only] [--no-write-check] 
[-q] [--depth DEPTH] 
[--exclude SHARE [SHARE ...]] 
[-F PATTERN] 
[--search-path PATH]
[--search-timeout TIMEOUT] 
[--download PATH] 
[--upload SRC DST] 
[--delete PATH TO FILE] 
[--skip]

Enumerate Remote Samba Service

No Authentication

smbmap -H 192.168.1.91

With Authentication

smbmap -H 192.168.1.91 -u "admin" -p "admin"

Null Session

smbmap -H 192.168.1.91 -u "" -p ""

SMBMap Managing Files

Download

Upload

Remote Command Execution

smbmap -H 192.168.1.91 -u "admin" -p "admin" -x whoami
smbmap -H 192.168.1.91 -u "admin" -p "admin" -x 'POWERSHELL Reverse SHELL'

Search Files on Remote Share

smbmap --host-file ~/Desktop/smb-workstation-sml.txt 
-u NopSec 
-p 'NopSec1234!' 
-d widgetworld 
-F '[1-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9][0-9][0-9]'

https://github.com/ShawnDEvans/smbmap

Leave a Reply

Back to Top