SMBMap is a powerful tool for enumerating SMB (Server Message Block) shares on a network. It helps in identifying accessible shares, their permissions, and their contents. This guide will walk you through using SMBMap to enumerate SMB shares.

How to Install SMBMap

SMBMap is a Python-based tool and can be installed using the pip package manager.

git clone https://github.com/ShawnDEvans/smbmap.git smbmap
cd smbmap
python3 -m pip install -r requirements.txt

SMBMap Features

  • Pass-the-Hash Support
  • File upload/download/delete
  • Permission enumeration (writable share, meet Metasploit)
  • Remote Command Execution
  • Distributed file content searching (beta!)
  • File name matching (with an auto download capability)

SMB Help

usage: smbmap.py

[-h] (-H HOST | --host-file FILE) 
[-u USERNAME] [-p PASSWORD | --prompt] 
[-s SHARE]
[-d DOMAIN]
[-P PORT] [-v] 
[--admin]
[--no-banner] 
[--no-color] 
[--no-update] 
[-x COMMAND] 
[--mode CMDMODE]
[-L | -R [PATH]
-r [PATH]] 
[-A PATTERN
-g FILE
--csv FILE] 
[--dir-only] [--no-write-check] 
[-q] [--depth DEPTH] 
[--exclude SHARE [SHARE ...]] 
[-F PATTERN] 
[--search-path PATH]
[--search-timeout TIMEOUT] 
[--download PATH] 
[--upload SRC DST] 
[--delete PATH TO FILE] 
[--skip]

Enumerate Remote Samba Service

No Authentication

smbmap -H 192.168.1.91

With Authentication

smbmap -H 192.168.1.91 -u "admin" -p "admin"

Null Session

smbmap -H 192.168.1.91 -u "" -p ""

SMBMap Managing Files

Download

Upload

Remote Command Execution

smbmap -H 192.168.1.91 -u "admin" -p "admin" -x whoami
smbmap -H 192.168.1.91 -u "admin" -p "admin" -x 'POWERSHELL Reverse SHELL'

Search Files on Remote Share

smbmap --host-file ~/Desktop/smb-workstation-sml.txt 
-u NopSec 
-p 'NopSec1234!' 
-d widgetworld 
-F '[1-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9][0-9][0-9]'

https://github.com/ShawnDEvans/smbmap

Categorized in:

Penetration Testing Tools,

Last Update: November 6, 2023

Tagged in:

,