SMB
It is common to see that Server Message Block (“SMB”) (445/TCP) service is often available or listening on the target systems. In general, SMB is used for sharing files in both Windows and Linux systems and is notorious for many known vulnerabilities. The most common issue with SMB is a null session misconfiguration which allows unauthenticated users to access the file shares configured with READ access.
Smbclient
Although there are various clients/tools to access SMB, I will be covering Smbclient
, a client that is part of the Samba software suite, today. You may already know all the basic commands of this tool, but I will show you some tricks you probably didn’t know.
Listing Shares (Basic Command — Just for courtesy)
Following command will list all the available shares:
# Null Authentication Allowed
smbclient -L <Target IP># User Specified
smbclient -L <Target IP> -U <Username>
* This will prompt for entering password for the user
Recurse
When there are multiple directories instead of files, it will be tedious to go back and forth to view each directory manually. The Recurse
function allows directory recursion, and it is also useful for the commands like…