SMBCLIENT
INSTALLATION
root@oco:~$ sudo apt install smbclient
LISTING SHARES: PASSWORD MISCONFIGURATION
#test whether the server have password misconfiguration
root@oco:~$ smbclient -h
root@oco:~$ smbclient -L {\\\\targetIP} -U {userName}
* the -L flag is used to list available shares on the target.
* the -U flag is used to specify the Login identity to use.
- misconfigured smb servers typically have administrator as the username
with an unset password
LISTING SHARES: W/O PASSWORD
root@oco:~$ smbclient -h
root@oco:~$ smbclient -N -L \\\\10.129.42.253
Sharename Type Comment
-------- ---- -------
print$ Disk Printer Drivers
users Disk
IPC$ IPC IPC Service (gs-svcscan server (Samba, Ubuntu))
SMB1 disabled -- no workgroup available
* the -N suppresses the password prompt
* the -L is used to list available shares on the target
ACCESSING SHARES: W/ FULL CREDENTIALS
root@oco:~$ smbclient \\\\10.129.150.91\\users -U bob%Welcome1
* MUST list shares first prior to connecting with credentialsCONNECTION: W/ PASSWORD
root@oco:~$ smbclient //10.129.150.91/users -U bob%Welcome1
Try "help" to get a list of possible commands.
* MUST list shares first prior to connecting with credentials
- smbclient needs a share path, like //IP/SHARE.
- Without a share, it doesn't know what to connect to.
* can use backslash instead of forward slashes
- \\\\10.129.150.91\\users -U bob%Welcome1
smb: \> ls
. D 0 Thu Feb 25 16:42:23 2021
.. D 0 Thu Feb 25 15:05:31 2021
bob D 0 Thu Feb 25 16:42:23 2021
4062912 blocks of size 1024. 1332480 blocks available
smb: \> cd bob
smb: \bob\> ls
. D 0 Thu Feb 25 16:42:23 2021
.. D 0 Thu Feb 25 16:42:23 2021
passwords.txt N 156 Thu Feb 25 16:42:23 2021
4062912 blocks of size 1024. 1332480 blocks available
smb: \bob\> get passwords.txt
getting file \bob\passwords.txt of size 156 as passwords.txt (0.3 KiloBytes/sec) (average 0.3 KiloBytes/sec)
smb: \> exit
root@oco:~$ cat passwords.txt
...Last updated