SMBMap - An SMB Enumeration Tool

SMBMap is a Python-based tool that allows users to enumerate samba share drives across an entire domain.

It can list share drives, drive permissions, and share contents; upload and download files; automatically download files whose names match a pattern; and even execute remote commands.

Requirements:


Features:

  • Pass-the-Hash Support
  • File upload/download/delete
  • Permission enumeration (writable share, meet Metasploit)
  • Remote Command Execution
  • Distributed file content searching (new!)
  • Filename matching (with an auto download capability)

Usage:

smbmap.py [options]

optional arguments:
  -h, --Help            show this help message and exit

Main arguments:
  -H HOST               IP of host
  --host-file FILE      File containing a list of hosts
  -u USERNAME           Username, if omitted null session assumed
  -p PASSWORD           Password or NTLM hash
  -s SHARE              Specify a share (default C$), ex 'C$'
  -d DOMAIN             Domain name (default WORKGROUP)
  -P PORT               SMB port (default 445)

Command Execution:
  Options for executing commands on the specified host

  -x COMMAND            Execute a command ex. 'ipconfig /r'

Filesystem Search:
  Options for searching/enumerating the filesystem of the specified host

  -L                    List all drives on the specified host
  -R [PATH]             Recursively list dirs, and files (no share\path lists
                        ALL shares), ex. 'C$\Finance'
  -r [PATH]             List contents of directory, default is to list root of
                        all shares, ex. -r 'C$\Documents and
                        Settings\Administrator\Documents'
  -A PATTERN            Define a file name pattern (regex) that auto downloads
                        a file on a match (requires -R or -r), not case
                        sensitive, ex '(web|global).(asax|config)'
  -q                    Disable verbose output (basically only really useful
                        with -A)

File Content Search:
  Options for searching the content of files

  -F PATTERN            File content search, -F '[Pp]assword' (requies admin
                        access to execute commands, and powershell on victim
                        host)
  --search-path PATH    Specify drive/path to search (used with -F, default
                        C:\Users), ex 'D:\HR\'

Filesystem interaction:
  Options for interacting with the specified host's filesystem

  --download PATH       Download a file from the remote system,
                        ex.'C$\temp\passwords.txt'
  --upload SRC DST      Upload a file to the remote system ex.
                        '/tmp/payload.exe C$\temp\payload.exe'
  --delete PATH TO FILE
                        Delete a remote file, ex. 'C$\temp\msf.exe'
  --skip                Skip delete file confirmation prompt

Examples:

$ python smbmap.py -u jsmith -p password1 -d workgroup -H 192.168.0.1
$ python smbmap.py -u jsmith -p 'aad3b435b51404eeaad3b435b51404ee:da76f2c4c96028b7a6111aef4a50a94d' -H 172.16.0.20
$ python smbmap.py -u 'apadmin' -p 'asdf1234!' -d ACME -H 10.1.3.30 -x 'net group "Domain Admins" /domain'

Default Output:

$  python smbmap.py --host-file smb-hosts.txt -u jsmith -p 'R33nisP!nckl3' -d ABC
[+] Reading from stdin
[+] Finding open SMB ports....
[+] User SMB session establishd...
[+] IP: 192.168.0.5:445 Name: unkown
Disk            Permissions
----            -----------
ADMIN$          READ, WRITE
C$              READ, WRITE
IPC$            NO ACCESS
TMPSHARE        READ, WRITE
[+] User SMB session establishd...
[+] IP: 192.168.2.50:445 Name: unkown
Disk            Permissions
----            -----------
IPC$            NO ACCESS
print$          READ, WRITE
My Dirs         NO ACCESS
WWWROOT_OLD     NO ACCESS
ADMIN$          READ, WRITE
C$              READ, WRITE
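
An added example (not from the original post or the SMBMap project): a Python parser for the default output format shown above that reports every share the tested account can write to, for use when reviewing share permissions. The `ADMIN_SHARES` policy set, the severity labels and the `READ ONLY` permission string are assumptions; the sample input is abridged from the output above.

```python
import re

# "READ, WRITE" and "NO ACCESS" appear in the output above; "READ ONLY" is an
# assumed third value. Share names may contain spaces ("My Dirs").
PERM_RE = re.compile(r"^(?P<share>.+?)\s+(?P<perm>READ, WRITE|READ ONLY|NO ACCESS)$")
HOST_RE = re.compile(r"^\[\+\] IP: (?P<ip>[\d.]+):(?P<port>\d+)\s+Name: (?P<name>\S+)")
ADMIN_SHARES = {"ADMIN$", "C$"}  # hypothetical policy: write access here is HIGH

# Sample input abridged from the "Default Output" section above.
SAMPLE = """\
[+] User SMB session establishd...
[+] IP: 192.168.0.5:445 Name: unkown
Disk Permissions
---- -----------
ADMIN$ READ, WRITE
C$ READ, WRITE
IPC$ NO ACCESS
TMPSHARE READ, WRITE
[+] IP: 192.168.2.50:445 Name: unkown
IPC$ NO ACCESS
print$ READ, WRITE
My Dirs NO ACCESS
ADMIN$ READ, WRITE
C$ READ, WRITE
"""

def parse_smbmap(text):
    """Return {ip: {share: permission}} parsed from SMBMap default output."""
    hosts, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = HOST_RE.match(line)
        if m:
            current = hosts.setdefault(m["ip"], {})  # start a new host section
            continue
        m = PERM_RE.match(line)
        if m and current is not None:  # headers and status lines never match
            current[m["share"]] = m["perm"]
    return hosts

def findings(hosts):
    """Return sorted (ip, share, severity) tuples for every writable share."""
    return sorted((ip, share, "HIGH" if share.upper() in ADMIN_SHARES else "REVIEW")
                  for ip, shares in hosts.items()
                  for share, perm in shares.items() if "WRITE" in perm)

if __name__ == "__main__":
    for ip, share, sev in findings(parse_smbmap(SAMPLE)):
        print(f"{sev:6} {ip:15} {share}")
```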




Source: www.effecthacking.com