Notes - Attack by ports/protocols: SMB tcp:139,445

Jun 1, 2022

1 min read

tcp/139 smb

grep the smb version, https://github.com/rewardone/OSCPRepo/blob/master/scripts/recon_enum/smbver.sh

> ngrep -i -d tun0 's.?a.?m.?b.?a.*[[:digit:]]'
> smbclient -L \\\\ip -N

new smbclient doesn’t support old protocols, to enable

# edit /etc/samba/smb.conf under `global`
client min protocol = LANMAN1

> service smbd restart

smb 3.4.5 symlink directory traversal: https://github.com/roughiz/Symlink-Directory-Traversal-smb-manually
List all smb shared

> smbclient -L \\\\{target-ip}\\ -U {user_name}

Recurse all content under share

> smbmap -u {user} -p {pass} -H {target-ip} -d {target.domain} -R

Exploits

MS08-067 (smb-vuln-ms08-067): https://www.exploit-db.com/exploits/40279