search
ShopAuthorPatreonHTB Pro Labs

🟢NetBIOS 139

sudo nmap -sT -sU -sV -p135,137,138,139,445 --open <IP>

hashtag
Enumerate shares

nmap --script smb-enum-shares -p 445

hashtag
OS Discovery

nmap --script smb-os-discovery -p 445

hashtag
Enumerate Users

nmap --script=smb-enum-users -p 445

hashtag
All

nmap --script=smb-enum-users,smb-enum-shares,smb-os-discovery -p 139,445

hashtag
NULL / Anonymous Login

# On some configuration omitting '-N' will grant access.
smbclient -U '' -L \\\\<IP> 

smbclient -U '' -N -L \\\\<IP> 
smbclient -U '%' -N -L \\\\<IP>
smbclient -U '%' -N \\\\<IP>\\<Folder>

# Enter a random username with no password and try for anonymous login.
crackmapexec smb <IP> -u 'anonymous' -p ''

crackmapexec smb <IP> -u '' -p ''
crackmapexec smb <IP> -u '' -p '' --shares

hashtag
Crackmapexec

PreviousHTTP 80NextSMB 445

Last updated