# SMB Enum

Check whether ports **139 (NetBIOS)** and **445 (SMB)** are open.

[Using nmap](https://www.notion.so/Using-nmap-815ff424ec6844089cb6b153eedcc4bd)

[nmblookup](https://www.notion.so/nmblookup-176364517d784826852bdf0a34b370f6)

[smbclient](https://www.notion.so/smbclient-d4b6973a24d442b9895d58c75dde7899)

[enum4linux](https://www.notion.so/enum4linux-7ff9e2b8e01f4397ba3f4d7c083260a1)

## Using nmap

**Nmap SMB NSE scripts:** `ls /usr/share/nmap/scripts/smb*`

Examples:

* `nmap -v -p 139,445 --script=smb-os-discovery 10.11.1.227`
* `nmap -v -p 139,445 --script "smb-vuln*" 10.11.1.5`

* `nmap --script smb-enum-shares.nse -p445 10.10.10.123`

  * The output includes the directory path on the server behind each share.
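An added example (not part of the original notes): a POSIX shell filter for auditing hosts you administer, which reads `smb-enum-shares` output and lists the disk shares that allow anonymous access together with the directory path the script reports. The function names and the sample scan output are constructed for illustration.

```shell
# Constructed sample laid out like nmap's smb-enum-shares output.
sample_scan() {
cat <<'EOF'
Host script results:
| smb-enum-shares:
|   account_used: guest
|   \\10.10.10.123\Files:
|     Type: STYPE_DISKTREE
|     Path: C:\srv\samba\files
|     Anonymous access: READ/WRITE
|     Current user access: READ/WRITE
|   \\10.10.10.123\IPC$:
|     Type: STYPE_IPC_HIDDEN
|     Path: C:\tmp
|     Anonymous access: READ
|     Current user access: READ/WRITE
|   \\10.10.10.123\print$:
|     Type: STYPE_DISKTREE
|     Path: C:\var\lib\samba\printers
|     Anonymous access: <none>
|_    Current user access: <none>
EOF
}

# Reads scan output on stdin and prints "share|path|anonymous-access" for
# every disk share whose anonymous access is anything other than <none>.
anonymous_shares() {
  bs='\'                      # a single literal backslash
  share= stype= path=
  while IFS= read -r line; do
    case $line in
      *"$bs$bs"*:)            # share header, e.g. |   \\host\Files:
        share=${line##*"$bs"}; share=${share%:}; stype= path= ;;
      *"Type: "*)  stype=${line##*"Type: "} ;;
      *"Path: "*)  path=${line##*"Path: "} ;;
      *"Anonymous access: "*)
        access=${line##*"Anonymous access: "}
        case $stype in
          STYPE_DISKTREE*)    # skip IPC and printer-queue entries
            if [ "$access" != "<none>" ]; then
              printf '%s|%s|%s\n' "$share" "$path" "$access"
            fi ;;
        esac ;;
    esac
  done
}
```

Against a live scan, pipe the command above into the filter: `nmap --script smb-enum-shares.nse -p445 <ip> | anonymous_shares`.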

## nmblookup

Display information about the target: `nmblookup -A <ip>`

## smbclient

* Enumerate the shares: `smbclient -L //<ip> -N`
  * **-L** lists the services available on the host
  * **-N** stops the tool from asking for a password
* Connect to a share: `smbclient //<ip>/<share> -N`

## enum4linux

* `enum4linux -n <ip>` to check for a null session
* `enum4linux -a <ip>` to gather information
* `enum4linux -s <wordlist> <ip>` to enumerate using another wordlist
