Service Detection
Enumerate Shares
smbclient
CrackMapExec
smbmap
enum4linux-ng
Null Session
rpcclient Enumeration
Access Share
Download File
Download Everything
Upload File
Brute-Force / Password Spray
User Enumeration
RID Cycling
Command Execution
PsExec
WMIExec
SMBExec
Pass-the-Hash
Known Vulnerabilities
EternalBlue (MS17-010)
SambaCry (CVE-2017-7494)
Linux Samba RCE via writable share:NSE Scripts
Quick Reference
| Check | Command |
|---|---|
| List shares | smbclient -L //TARGET -N |
| Null session | rpcclient -U "" -N TARGET |
| RID brute | crackmapexec smb TARGET -u '' -p '' --rid-brute |
| Recursive list | smbmap -H TARGET -R |
| PsExec | impacket-psexec user:pass@TARGET |
| EternalBlue | nmap --script smb-vuln-ms17-010 TARGET |