SMB Enumeration

My basic notes on SMB Enumeration for reference.

What is SMB?

SMB (Server Message Block) is a file sharing protocol that lets users and devices access files and other resources remotely on a server. Authorized clients can send SMB requests to carry out CRUD operations on the remote server.

SMB Shares

An SMB share is simply a folder that a server makes available on the network for clients to access. Shares are password protected, and users must enter the correct password to access them. Both public and user-specific shares can be found.

Samba

This service is a common finding on ports 139 and 445. Samba enables Linux devices to share files, printers, and other resources with Windows systems via the SMB protocol. In effect, it is a bridge between Linux/Unix and Windows machines.

Enumeration

SMBMap

SMBMap offers a lot of functionality for enumeration, including listing shares, updating/writing to shares, executing remote commands, etc.

Example:

smbclient

smbclient is a common Samba tool for listing shares on a network and carrying out basic file operations on SMB servers.

  • Listing shares: smbclient -L 10.201.97.23

  • Enumerating the public share and connecting to it to see its contents: smbclient //10.201.97.23/websvr

I actually prepared these notes for my own reference because I tend to forget things while solving CTFs or enumerating SMB on targets. We can also do user-specific enumeration for SMB shares but that's a story for a different day. According to my experience of solving CTFs, I have hardly come across any instance where I am required to enumerate any user-specific share.

We can also use Metasploit to enumerate SMB servers using the smb_enumshares module but I will write about that sometime later.
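The public shares that smbclient -L lists are defined in the server's Samba configuration. The following is an added example, not part of the original notes: a Python audit that parses an smb.conf and reports which shares allow guest access and whether guests can write. SAMPLE_CONF is constructed for illustration; the share names other than websvr, and all function names, are assumptions.

```python
# Added example: flag guest-accessible ("public") shares in a Samba smb.conf.
# SAMPLE_CONF is constructed; docs and finance are hypothetical share names.
SAMPLE_CONF = """\
[global]
   workgroup = WORKGROUP
[websvr]
   path = /srv/websvr
   guest ok = yes
   read only = no
[docs]
   path = /srv/docs
   ; "public" is a synonym of "guest ok"
   Public = Yes
[finance]
   valid users = @finance
   writable = yes
"""
TRUE = {"yes", "true", "on", "1"}
GUEST_KEYS = {"guestok", "public"}
WRITE_KEYS = {"writable", "writeable", "writeok"}  # inverted synonyms of "read only"

def parse_shares(text):
    """Return {section: {"guest": bool, "writable": bool}} for explicit settings only."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank lines and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            key = "".join(key.split()).lower()   # names ignore case and spaces
            flag = value.strip().lower() in TRUE
            if key in GUEST_KEYS:
                current["guest"] = flag
            elif key == "readonly":
                current["writable"] = not flag
            elif key in WRITE_KEYS:
                current["writable"] = flag
    return shares

def audit(text):
    """List (share, finding) for every share that permits guest access."""
    shares = parse_shares(text)
    g = shares.pop("global", {})                 # [global] supplies share defaults
    out = []
    for name, s in shares.items():
        # Samba defaults when unset everywhere: guest ok = no, read only = yes
        if s.get("guest", g.get("guest", False)):
            rw = s.get("writable", g.get("writable", False))
            out.append((name, "guest read/write" if rw else "guest read-only"))
    return sorted(out)
```

This is a configuration-level check only: effective access also depends on the map to guest setting and on filesystem permissions.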
