Exploiting Samba

#samba #smb #share #windows #nmap #scan #exploitation #enumeration


Samba is the standard Windows interoperability suite of programs for Linux and Unix. It allows end-users to access and use files, printers, and other commonly shared resources on a company's intranet or internet. It's often referred to as a network file system.

Samba is based on the common client/server protocol Server Message Block (SMB), which uses ports 139 and 445. SMB was developed only for Windows; without Samba, other computer platforms would be isolated from Windows machines, even if they were part of the same network.

Enumerating

The enumeration process is one of the most important phases because it indicates what is worth attacking. To enumerate SMB shares, we can scan them with Nmap.

Inspecting SMB Shares in Linux

  • We can use the smbclient command to connect to a share, then download files with its built-in mget command:
      smbclient //TARGET_IP/anonymous
      mget log.txt
  • We can use smbget to download SMB files recursively:
      smbget -R smb://TARGET_IP/anonymous
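
On a Samba server, guest access to a share like the one above is controlled by smb.conf. The following is an added example, not part of the original page: a Python audit that parses a configuration and flags shares accepting guest sessions. The sample configuration and the function names are constructed for illustration.

```python
TRUE = {"yes", "true", "1", "on"}  # boolean spellings smb.conf accepts
# Constructed sample configuration (not taken from a real server).
SAMPLE = """\
[global]
   map to guest = Bad User
[anonymous]
   path = /srv/samba/anonymous
   guest ok = yes
   read only = no
; constructed share that requires authentication
[finance]
   guest ok = no
[pub]
   public = yes
"""

def parse_smb_conf(text):
    """Return {section: {param: value}} with lower-cased, space-normalised names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def is_true(params, *names):
    return any(params.get(n, "").lower() in TRUE for n in names)

def audit(text):
    """Return (section, finding) pairs for settings that allow guest access."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    findings = []
    mapping = glob.get("map to guest", "Never")
    if mapping.lower() != "never":
        findings.append(("global", f"map to guest = {mapping}"))
    for name, share in conf.items():
        params = {**glob, **share}  # [global] supplies share defaults
        if name == "global" or not is_true(params, "guest ok", "public"):
            continue  # "public" is a synonym for "guest ok"
        writable = (is_true(params, "writable", "writeable", "write ok")
                    or params.get("read only", "yes").lower() not in TRUE)
        findings.append((name, "guest read/write" if writable else "guest read-only"))
    return findings
```

Calling audit(SAMPLE) reports the global guest mapping plus the anonymous and pub shares. The parser does not follow include directives or backslash line continuations.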

Accessing the remote files

To access the remote files from an SMB share, we can mount the remote SMB Windows share on Linux.

Exploiting SMB

We can use Metasploit to exploit SMB vulnerabilities. Another interesting set of tools is Impacket, a collection of Python classes for working with network protocols.
