3. SMB Enumeration

SMB ports:

139: NetBIOS
445: Microsoft-DS

NBTscan

Skannar IPs efter NetBIOS information

sudo nbtscan -r 192.168.X.X/24/

Pasted image 20230628140047.png

SMBMap

smbmap -H 192.168.X.X -u <username> -p <password or nt-hash> -d <domain-if-any>

Windows: "net view"

net view \\dc01 /all

Pasted image 20230628140500.png

CrackMapExec:

crackmapexec smb 172.16.6.240-241 172.16.6.254 -u john -d beyond.com -p "dqsTwTpZPn#nL" --<command>

Commands:

--shares              enumerate shares and access
  --sessions            enumerate active sessions
  --disks               enumerate disks
  --loggedon-users-filter LOGGEDON_USERS_FILTER
                        only search for specific user, works with regex
  --loggedon-users      enumerate logged on users
  --users [USER]        enumerate domain users, if a user is specified than only
                        its information is queried.
  --groups [GROUP]      enumerate domain groups, if a group is specified than its
                        members are enumerated
  --computers [COMPUTER]
                        enumerate computer users
  --local-groups [GROUP]
                        enumerate local groups, if a group is specified then its
                        members are enumerated
  --pass-pol            dump password policy
  --rid-brute [MAX_RID]
                        enumerate users by bruteforcing RID's (default: 4000)
  --wmi QUERY           issues the specified WMI query
  --wmi-namespace NAMESPACE
                        WMI Namespace (default: root\cimv2)