[TIP] Smbclient

bigb0ss
3 min readJan 28, 2020

SMB

It is common to see that Server Message Block (“SMB”) (445/TCP) service is often available or listening on the target systems. In general, SMB is used for sharing files in both Windows and Linux systems and is notorious for many known vulnerabilities. The most common issue with SMB is a null session misconfiguration which allows unauthenticated users to access the file shares configured with READ access.

Smbclient

Although there are various clients/tools to access SMB, I will be covering Smbclient, a client that is part of the Samba software suite, today. You may already know all the basic commands of this tool, but I will show you some tricks you probably didn’t know.

Listing Shares (Basic Command — Just for courtesy)

Following command will list all the available shares:

# Null Authentication Allowed
smbclient -L <Target IP>
# User Specified
smbclient -L <Target IP> -U <Username>
* This will prompt for entering password for the user

Recurse

When there are multiple directories instead of files, it will be tedious to go back and forth to view each directory manually. The Recurse function allows directory recursion, and it is also useful for the commands like mget and mput. So it makes it easy to download/upload entire directories at one shot.

# Using Recurse
smbclient '\\<Target IP>\<Target Dir>' -U <Username>
smb: \> recurse # Enabling directory recursion
smb: \> ls # Showing recursion of the directory
smb: \> mget <Target Directory to Download>
smb: \> mput <Target Directory to Upload>
smb: \> recurse # Disabling directory recursion

Allinfo

You can also check file attributes of the files stored in SMB shares by using smbclient’s Allinfo function. File attributes are metadata values stored by the file system on disk. Sometimes, you can find some juicy information by inspecting these. Depending on file systems like NTFS, the file can be shown as 0…

--

--

bigb0ss

OSWE | OSCE | OSCP | CREST | Lead Offensive Security Engineer — All about Penetration Test, Red Team, Cloud Security, Web Application Security