How can I perform enumeration on SMB shares and their permissions

0 votes
I want to gather information about SMB shares and their access permissions on a network. What tools, such as smbclient, enum4linux, or smbmap, can I use for this purpose? How can I analyze the results to identify potential vulnerabilities in the permissions?

Detailed examples of the process and best practices would be helpful.
Nov 15 in Cyber Security & Ethical Hacking by Anupam
• 5,390 points
42 views

1 answer to this question.

0 votes

Performing SMB Share Enumeration and Analyzing Permissions

A protocol called SMB (Server Message Block) is used to share resources, such as printers, and files. During a security evaluation, listing SMB shares and associated permissions can assist in identifying configuration errors and access flaws.

Below are tools, methods, and examples for effectively enumerating SMB shares and analyzing their permissions.

1. Using smbclient

smbclient is a command-line tool that functions like an FTP client for SMB shares.

Enumerate Shares:

smbclient -L //<target-ip> -U <username>
  • -L lists available shares.
  • Replace <username> with anonymous for unauthenticated access or provide valid credentials.

Example:

smbclient -L //192.168.1.100 -U anonymous

Access a Share:

smbclient //<target-ip>/<share-name> -U <username>

Example:

smbclient //192.168.1.100/public -U anonymous

Once connected, use commands like:

  • ls: List files.
  • cd <directory>: Change directory.
  • get <file>: Download a file.

2. Using enum4linux

enum4linux is a powerful tool for SMB enumeration, providing comprehensive information about shares, users, and groups.

enum4linux <target-ip>

Focused Enumeration:

List shares:

enum4linux -S <target-ip>

List users:

enum4linux -U <target-ip>

Example Output:

Sharename       Type      Comment
---------       ----      -------
IPC$            IPC       Remote IPC
public          Disk      Shared directory

3. Using smbmap

smbmap provides detailed information about share access permissions and file-level access.

smbmap -H <target-ip>

Example:

smbmap -H 192.168.1.100

Detailed Permissions:

smbmap -H <target-ip> -u <username> -p <password>

Recursive File Listing:

smbmap -H <target-ip> -R

Example Output:

Disk            Permissions    Comment
----            -----------    -------
public          READ           Shared directory
private         NO ACCESS      Confidential data

4. Using nmap with SMB Scripts

Nmap’s SMB scripts can enumerate shares, users, and permissions.

List Shares:

nmap --script smb-enum-shares -p 445 <target-ip>

List Users:

nmap --script smb-enum-users -p 445 <target-ip>

Example Output:

| smb-enum-shares:
|   Share       Type   Comment
|   -------     ----   -------
|   public      Disk   Shared directory
|   IPC$        IPC    Remote IPC

5. Using rpcclient

rpcclient allows querying the SMB server for detailed information.

Enumerate Shares:

rpcclient -U <username> <target-ip>

Example Commands

Connect to server:

rpcclient -U anonymous 192.168.1.100

List shares:

netshareenum

List users:

enumdomusers

6. Analyzing Permissions

  • Look for open shares like public or everyone with no restrictions.
  • Check for read/write access that shouldn't be available to unauthenticated users.
  • Test file upload/download capabilities to validate permissions.

Tools for Permission Analysis:

  • smbmap shows access levels (e.g., READ, WRITE).
  • Manual Testing: Use smbclient to attempt creating or modifying files in writable shares.

answered Nov 20 by CaLLmeDaDDY
• 6,540 points

Related Questions In Cyber Security & Ethical Hacking

0 votes
1 answer

How can I perform LDAP enumeration to extract user account information?

Performing LDAP enumeration is an essential step ...READ MORE

answered Nov 18 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 6,540 points
40 views
0 votes
1 answer
+1 vote
1 answer

How do you decrypt a ROT13 encryption on the terminal itself?

Yes, it's possible to decrypt a ROT13 ...READ MORE

answered Oct 17 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 6,540 points
114 views
+1 vote
1 answer
+1 vote
1 answer
+1 vote
1 answer
0 votes
1 answer
0 votes
1 answer

How do I use Metasploit to perform NetBIOS enumeration on a target?

It's common practice to use Metasploit for ...READ MORE

answered Nov 18 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 6,540 points
49 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP