Quartz 4

SMBClient

2 min read

tags: SMBClient Enumerazione_SMB

Quando troviamo una porta 445 aperta possiamo provare ad enumerare le cartelle condivise tramite smbclient con i seguenti comandi:

smbclient -L //10.10.17.192 -N         
 
	Sharename       Type      Comment
	---------       ----      -------
	ADMIN$          Disk      Remote Admin
	C$              Disk      Default share
	IPC$            IPC       Remote IPC
	nt4wrksv        Disk      
Reconnecting with SMB1 for workgroup listing.
do_connect: Connection to 10.10.17.192 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
Unable to connect with SMB1 -- no workgroup available

Una volta trovate le cartelle possiamo provare a connetterci tramite il seguente comando:

smbclient //10.10.17.192/nt4wrksv -N
Try "help" to get a list of possible commands.
smb: \> ls
  .                                   D        0  Sat Jul 25 23:46:04 2020
  ..                                  D        0  Sat Jul 25 23:46:04 2020
  passwords.txt                       A       98  Sat Jul 25 17:15:33 2020
 
		7735807 blocks of size 4096. 5137482 blocks available
smb: \> get passwords.txt 
getting file \passwords.txt of size 98 as passwords.txt (0.4 KiloBytes/sec) (average 0.4 KiloBytes/sec)
smb: \>

Una volta dentro puoi usare il comando help per vedere quali comandi siano disponibili, oppure aggiungere un ! davanti ad un comando Linux o Windows a seconda della macchina che si possiede per eseguire quel comando in SMB:

smb: \> !cat prep-prod.txt
 
[] check your code with the templates
[] run code-assessment.py
[] …

Samba Status

smbstatus
 
Samba version 4.11.6-Ubuntu
PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing              
----------------------------------------------------------------------------------------------------------------------------------------
75691   sambauser    samba        10.10.14.4 (ipv4:10.10.14.4:45564)      SMB3_11           -                    -                    
 
Service      pid     Machine       Connected at                     Encryption   Signing     
---------------------------------------------------------------------------------------------
notes        75691   10.10.14.4   Do Sep 23 00:12:06 2021 CEST     -            -           
 
No locked files

Graph View