SMBClient

tags: SMBClient Enumerazione_SMB

Quando troviamo una porta 445 aperta possiamo provare ad enumerare le cartelle condivise tramite smbclient con i seguenti comandi:

smbclient -L //10.10.17.192 -N         
 
	Sharename       Type      Comment
	---------       ----      -------
	ADMIN$          Disk      Remote Admin
	C$              Disk      Default share
	IPC$            IPC       Remote IPC
	nt4wrksv        Disk      
Reconnecting with SMB1 for workgroup listing.
do_connect: Connection to 10.10.17.192 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
Unable to connect with SMB1 -- no workgroup available

Una volta trovate le cartelle possiamo provare a connetterci tramite il seguente comando:

smbclient //10.10.17.192/nt4wrksv -N
Try "help" to get a list of possible commands.
smb: \> ls
  .                                   D        0  Sat Jul 25 23:46:04 2020
  ..                                  D        0  Sat Jul 25 23:46:04 2020
  passwords.txt                       A       98  Sat Jul 25 17:15:33 2020
 
		7735807 blocks of size 4096. 5137482 blocks available
smb: \> get passwords.txt 
getting file \passwords.txt of size 98 as passwords.txt (0.4 KiloBytes/sec) (average 0.4 KiloBytes/sec)
smb: \>

Quartz 4

Explorer

SMBClient

Graph View