https://github.com/sofianehamlaoui/smb-cheatsheet

Simple, Whatever I need & needed for SMB

# SMB-Cheatsheet

# List shares on a machine using NULL Session

`smbclient -L target-IP`

# List shares on a machine using a valid username + password

`smbclient -L target-IP -U username%password`

# Connect to a valid share with username + password

`smbclient //target-IP/share -U username%password`

# List files on a specific share

`smbclient //target-IP/share -c 'ls' password -U username`

# List files on a specific share folder inside the share

`smbclient //target-IP/share -c 'cd folder; ls' password -U username`

# Download a file from a specific share folder

`smbclient //target-IP/share -c 'cd folder;get desired_file_name' password -U username`

# Copy a file to a specific share folder

`smbclient //target-IP/share -c 'put /var/www/my_local_file.txt .\target_folder\target_file.txt' password -U username`

# Create a folder in a specific share folder

`smbclient //target-IP/share -c 'mkdir .\target_folder\new_folder' password -U username`

# Rename a file in a specific share folder

`smbclient //target-IP/share -c 'rename current_file.txt new_file.txt' password -U username`

# enum4linux - General enumeration - anonymous session

`enum4linux -a target-IP`

# enum4linux - General enumeration - authenticated session

`enum4linux -a -u username -p password target-IP`

# enum4linux - Users enumeration

`enum4linux -u username -p password -U target-IP`

# enum4linux - Group and members enumeration

`enum4linux -u username -p password -G target-IP`

# enum4linux - Password policy

`enum4linux -u username -p password -P target-IP`

# nmap - Enum Users

`nmap -p 445 --script smb-enum-users target-IP --script-args smbuser=username,smbpass=password,smbdomain=domain`

`nmap -p 445 --script smb-enum-users target-IP --script-args smbuser=username,smbhash=LM:NTLM,smbdomain=domain`

`nmap --script smb-enum-users.nse --script-args smbusername=User1,smbpass=Pass@1234,smbdomain=workstation -p445 192.168.1.10`

`nmap --script smb-enum-users.nse --script-args smbusername=User1,smbhash=aad3b435b51404eeaad3b435b51404ee:C318D62C8B3CA508DD753DDA8CC74028,smbdomain=mydomain -p445 192.168.1.10`

# nmap - Enum Groups

`nmap -p 445 --script smb-enum-groups target-IP --script-args smbuser=username,smbpass=password,smbdomain=domain`

`nmap -p 445 --script smb-enum-groups target-IP --script-args smbuser=username,smbhash=LM:NTLM,smbdomain=domain`

# nmap - Enum Shares

`nmap -p 445 --script smb-enum-shares target-IP --script-args smbuser=username,smbpass=password,smbdomain=domain`

`nmap -p 445 --script smb-enum-shares target-IP --script-args smbuser=username,smbhash=LM:NTLM,smbdomain=domain`

# nmap - OS Discovery

`nmap -p 445 --script smb-os-discovery target-IP`

# nmap - SMB Vulnerabilities on Windows

`nmap -p 445 --script smb-vuln-ms06-025 target-IP`

`nmap -p 445 --script smb-vuln-ms07-029 target-IP`

`nmap -p 445 --script smb-vuln-ms08-067 target-IP`

`nmap -p 445 --script smb-vuln-ms10-054 target-IP`

`nmap -p 445 --script smb-vuln-ms10-061 target-IP`

`nmap -p 445 --script smb-vuln-ms17-010 target-IP`

`nmap -p 445 --script smb-vuln-cve-2017-7494 target-IP`

- Always check for an updated list at [https://nmap.org/nsedoc/scripts/](https://nmap.org/nsedoc/scripts/)

# nmap - Brute Force Accounts (be aware of account lockout!)

`nmap -p 445 --script smb-brute --script-args userdb=user-list.txt,passdb=pass-list.txt target-IP`