eJPT Junior Penetration Tester

NetBIOS 139

sudo nmap -sT -sU -sV -p135,137,138,139,445 --open <IP>

Enumerate shares

nmap --script smb-enum-shares -p 445 <IP>

OS Discovery

nmap --script smb-os-discovery -p 445 <IP>

Enumerate Users

nmap --script=smb-enum-users -p 445 <IP>

All

nmap --script=smb-enum-users,smb-enum-shares,smb-os-discovery -p 139,445 <IP>

NULL / Anonymous Login

# On some configurations, omitting '-N' will grant access.
smbclient -U '' -L \\\\<IP>

smbclient -U '' -N -L \\\\<IP>
smbclient -U '%' -N -L \\\\<IP>
smbclient -U '%' -N \\\\<IP>\\<Folder>

# Enter a random username with no password and try for anonymous login.
crackmapexec smb <IP> -u 'anonymous' -p ''

crackmapexec smb <IP> -u '' -p ''
crackmapexec smb <IP> -u '' -p '' --shares

Crackmapexec

crackmapexec smb <IP> -u <User> -p <Password> --rid-brute
crackmapexec smb <IP> -u <User> -p <Password> --lsa
crackmapexec smb <IP> -u <User> -p <Password> --sam
crackmapexec smb <IP> -u <User> -p <Password> --pass-pol
crackmapexec smb <IP> -u <User> -p <Password> --local-groups
crackmapexec smb <IP> -u <User> -p <Password> --groups
crackmapexec smb <IP> -u <User> -p <Password> --users
crackmapexec smb <IP> -u <User> -p <Password> --sessions
crackmapexec smb <IP> -u <User> -p <Password> --disks
crackmapexec smb <IP> -u <User> -p <Password> --loggedon-users
crackmapexec smb <IP> -u <User> -p <Password> --loggedon-users --sessions --users --groups --local-groups --pass-pol --sam --rid-brute 2000

Last updated 2 years ago
