
AD SMB (445)

SMB is a network protocol that was developed for file sharing. It enabled computers to share files, printers and other resources over a network.

SMB supports multiple features such as:

  • File sharing
  • Printer sharing
  • RPC
  • Inter-Process Communication
  • Authentication and Security

There are different protocol versions

  • SMBv1 - Deprecated with several security vulnerabilities (WannaCry)
  • SMBv2 - Improves performance
  • SMBv3 - Supports end-to-end encryption for file transfer over untrusted networks, more performance improvements
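To audit which of these versions a server actually negotiates, the reply to a negotiate request can be classified offline from a packet capture. The parser below is an added example, not part of the original notes; it goes slightly beyond the list above by also reporting whether signing is required, and the sample frames are constructed placeholders rather than captured traffic.

```python
import struct

# Dialect revision codes carried in an SMB2 NEGOTIATE response (MS-SMB2).
DIALECTS = {0x0202: "2.0.2", 0x0210: "2.1", 0x02FF: "2.x wildcard",
            0x0300: "3.0", 0x0302: "3.0.2", 0x0311: "3.1.1"}

def parse_negotiate_response(frame: bytes) -> dict:
    """Classify a server's negotiate reply: protocol family, dialect, signing."""
    if len(frame) < 8 or frame[0] != 0x00:
        raise ValueError("not a direct-TCP SMB session message")
    length = int.from_bytes(frame[1:4], "big")       # 24-bit payload length
    msg = frame[4:4 + length]
    if len(msg) != length:
        raise ValueError("truncated frame")
    if msg[:4] == b"\xffSMB":
        # Reply uses SMB1 framing: the deprecated protocol is still enabled.
        return {"family": "SMBv1", "dialect": None,
                "signing_required": None, "dialect_supports_encryption": False}
    if msg[:4] != b"\xfeSMB" or len(msg) < 70:
        raise ValueError("not an SMB2/3 negotiate response")
    status, command = struct.unpack_from("<IH", msg, 8)
    if status != 0 or command != 0:                   # STATUS_SUCCESS, NEGOTIATE
        raise ValueError("not a successful NEGOTIATE response")
    size, sec_mode, revision = struct.unpack_from("<HHH", msg, 64)
    if size != 65 or revision not in DIALECTS:
        raise ValueError(f"unexpected negotiate body (dialect 0x{revision:04x})")
    return {"family": f"SMBv{revision >> 8}",
            "dialect": DIALECTS[revision],
            "signing_required": bool(sec_mode & 0x02),  # SIGNING_REQUIRED bit
            "dialect_supports_encryption": revision >= 0x0300}

def build_sample(revision: int, sec_mode: int) -> bytes:
    """Constructed SMB2 NEGOTIATE response, for offline demonstration only."""
    header = b"\xfeSMB" + struct.pack("<HHIHH", 64, 0, 0, 0, 1) + bytes(48)
    body = struct.pack("<HHH", 65, sec_mode, revision) + bytes(59)
    msg = header + body
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

# Constructed SMB1-framed reply: transport header plus a zeroed SMB1 message.
SAMPLE_SMB1 = b"\x00\x00\x00\x23" + b"\xffSMB" + bytes(31)

if __name__ == "__main__":
    for frame in (build_sample(0x0311, 0x03), build_sample(0x0210, 0x01), SAMPLE_SMB1):
        print(parse_negotiate_response(frame))
```

A result with family SMBv1, or with signing_required set to False, is the finding to follow up on in the server's configuration.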

It can run over multiple transports and ports

  • Directly over TCP/IP (445)
  • NetBIOS (137-139)
  • Over UDP

Bruteforcing

Check 24.3 - Spraying and Praying

netexec smb <target> -u <user> -H <NTLM hash>

Shared Folder Access

To share a folder within the DC, proceed as follows

mkdir C:\SharedFiles
Right Click -> Share -> Share

To access the shared folder, you can use file explorer with the following:

\\DC01\SharedFiles

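Or remotely with smbclient. The first form below prompts for the password; the second passes it on the command line. Use the password prompt if possible in real engagements, so the password is not disclosed through the terminal.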

smbclient //IP/SharedFiles -U 'escape.lab/oscar'
smbclient //IP/SharedFiles -U 'escape.lab/oscar%Password123!'

To access the shared folder over the network from a Linux machine, smbmap and smbclient are the most useful tools

smbmap -H IP
smbmap -H IP -u oscar -p 'Password123!'

Show files and directories in a specific share

smbmap -H IP -u oscar -p 'Password123!' -r "SharedFiles"

Mount a share (smbmount is no longer shipped with current Samba releases; mount -t cifs from cifs-utils takes the same options)

mount -t cifs //X.X.X.X/c$ /mnt/remote/ -o username=user,password=pass,rw