SMB scanning and enumeration
Over the years, the Server Message Block (SMB) protocol, a network file sharing protocol implemented in Microsoft Windows, has proven to be one of the most abused protocols, allowing from sharing and user enumeration up to remote code execution.
How to do it...
- Using the SMB Share Enumeration auxiliary module without authentication, allows us to collect some valuable information, such as share names and OS versions and services packs:
msf > use auxiliary/scanner/smb/smb_enumshares msf auxiliary(smb_enumshares) > set RHOSTS 192.168.216.10,129 RHOSTS => 192.168.216.10,129 msf auxiliary(smb_enumshares) > run ... [+] 192.168.216.129:139 - IPC$ - (I) IPC Service (metasploitable server (Samba 3.0.20-Debian)) [+] 192.168.216.129:139 - ADMIN$ - (I) IPC Service (metasploitable server (Samba 3.0.20-Debian)) [*] Scanned 2 of 2 hosts (100% complete) [*] Auxiliary module execution completed msf auxiliary(smb_enumshares) >
- The SMB Share Enumeration auxiliary module...