How to Use the Command 'smbmap' (with Examples)
- Linux
- December 17, 2024
smbmap is a powerful SMB (Server Message Block) enumeration tool used primarily in the field of cybersecurity for penetration testing and network auditing. This tool is particularly useful for identifying SMB shares and their permissions on remote hosts, which can help uncover potential vulnerabilities or misconfigurations in a network environment. It’s commonly used by cybersecurity professionals to assess the security posture of SMB services.
Use Case 1: Display SMB shares and permissions on a host, prompting for user’s password or NTLM hash
Code:
smbmap -u username --prompt -H ip
Motivation:
The first step in assessing the security of a network is often understanding what resources are available. This command helps you enumerate all SMB shares on a given host, enabling you to see what resources are accessible to a specific user. Because the password or NTLM hash is entered at a prompt rather than passed as an argument, the credential stays off the command line, so it does not end up in shell history or process listings.
Explanation:
- -u username: Specifies the username to use for authentication.
- --prompt: Triggers a prompt for the user’s password or, alternatively, an NTLM hash.
- -H ip: Designates the IP address of the host that you want to enumerate.
Example Output:
[+] IP: 192.168.1.10:445 Name: MYHOST
Disk Permissions
SHARE1 READ, WRITE
ADMIN$ NO ACCESS
Use Case 2: Display SMB shares and permissions on a host with specified domain and using NTLM hash
Code:
smbmap -u username --prompt -d domain -H ip
Motivation:
In environments where domains are used to manage network resources, specifying the domain name can be crucial. This command allows you to specify both the domain and the NTLM hash for authentication, making it suitable for enterprise environments where domain credentials are required for access.
Explanation:
- -u username: The username for authentication.
- --prompt: Requests the password or NTLM hash for the specified user.
- -d domain: Indicates the domain within which the user exists.
- -H ip: The IP address of the target host.
Example Output:
[+] IP: 192.168.1.10:445 Name: DOMAINHOST
Disk Permissions
DATA$ READ ONLY
IPC$ NO ACCESS
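For audit reporting, the share listings from Use Cases 1 and 2 can be reduced to the entries that need review. The following is an added example, not part of the original article or of smbmap itself; it assumes the output layout shown in this article, and the sample text, second host address and function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of this article's example output
# (two hosts; not captured from a real scan).
SAMPLE = """\
[+] IP: 192.168.1.10:445 Name: MYHOST
Disk Permissions
SHARE1 READ, WRITE
ADMIN$ NO ACCESS
[+] IP: 192.168.1.11:445 Name: DOMAINHOST
Disk Permissions
DATA$ READ ONLY
IPC$ NO ACCESS
"""

HOST_RE = re.compile(r"^\[\+\]\s+IP:\s+(\S+)\s+Name:\s+(\S+)")
# Only the permission strings that appear in this article are recognised.
PERM_RE = re.compile(r"^(\S.*?)\s+(READ, WRITE|READ ONLY|NO ACCESS)\b")


def parse_shares(text):
    """Return (endpoint, share, permission) tuples from a share listing."""
    rows, endpoint = [], None
    for raw in text.splitlines():
        line = raw.strip()
        host = HOST_RE.match(line)
        if host:
            endpoint = host.group(1)
            continue
        perm = PERM_RE.match(line)
        if perm and endpoint:
            rows.append((endpoint, perm.group(1), perm.group(2)))
    return rows


def findings(rows):
    """Flag the shares a reviewer should look at first."""
    flagged = []
    for endpoint, share, perm in rows:
        if perm == "NO ACCESS":
            continue
        if "WRITE" in perm:
            flagged.append((endpoint, share, "writable by the tested account"))
        elif share.endswith("$"):
            flagged.append((endpoint, share, "hidden share is readable"))
    return flagged


if __name__ == "__main__":
    for endpoint, share, reason in findings(parse_shares(SAMPLE)):
        print(f"{endpoint}  {share}: {reason}")
```

Lines that do not match a known permission string, such as the "Disk Permissions" header, are skipped, so output that uses other permission labels needs the pattern extended.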
Use Case 3: Display SMB shares and list a single level of directories and files
Code:
smbmap -u username --prompt -H ip -r
Motivation:
Sometimes, seeing the immediate contents of directories can provide useful insights without delving into the full directory structure. This command is helpful when you need a quick overview of files and folders within top-level directories of exposed SMB shares.
Explanation:
- -u username: Username for authentication.
- --prompt: Prompts for password or NTLM hash.
- -H ip: IP address of the target host.
- -r: Indicates that the command should only list a single level of directories and files.
Example Output:
[+] IP: 192.168.1.10:445 Name: QUICKVIEW
SHARE1
dr--r--r-- 0 Thu Sep 2 14:45:56 2021 Documents
-r--r--r-- 20480 Thu Sep 2 14:46:56 2021 readme.txt
Use Case 4: Display SMB shares and recursively list a defined number of directories and files
Code:
smbmap -u username --prompt -H ip -R --depth 3
Motivation:
To gain deeper insights into the content and structure of SMB shares, one might need to explore multiple directory levels. This command lets you specify how deep the recursion should go, giving you a detailed view without overwhelming data retrieval operations.
Explanation:
- -u username: User accessing the resources.
- --prompt: Calls for the user’s authentication information.
- -H ip: Denotes the target IP address.
- -R: Activates recursive search through directories.
- --depth 3: Sets recursion to a depth of 3 levels.
Example Output:
[+] IP: 192.168.1.10:445 Name: DEPTHVIEW
SHARE2
dr--r--r-- 0 Fri Oct 1 10:00:00 2021 Reports
dr--r--r-- 0 Fri Oct 1 10:30:00 2021 Q1
-r--r--r-- 55810 Fri Oct 1 11:00:00 2021 financials.pdf
Use Case 5: Display SMB shares and recursively list directories and files, downloading files matching a pattern
Code:
smbmap -u username --prompt -H ip -R -A pattern
Motivation:
In certain circumstances, it is crucial to obtain specific files of interest spanning across multiple directories. This command enables the recursive search and download of files meeting specified criteria, such as a particular file name or extension.
Explanation:
- -u username: User for authentication purposes.
- --prompt: Initiates a prompt for authentication credential input.
- -H ip: IP address of the host system.
- -R: Orders a recursive examination of files within directories.
- -A pattern: Regular expression pattern used to match and download relevant files.
Example Output:
[+] IP: 192.168.1.10:445 Name: PATTERNSEARCH
SHARE3
-r--r--r-- 123456 Apr 3 12:00:00 2023 report2023.pdf [Downloaded]
Use Case 6: Display SMB shares and recursively list directories and files, searching for file content
Code:
smbmap -u username --prompt -H ip -R -F pattern
Motivation:
Beyond file names, there could be essential data or signs of vulnerabilities embedded within file contents. This command is valuable for scanning files for specific content patterns, an essential step for thorough vulnerability assessments or data audits.
Explanation:
- -u username: Username whose credentials are used for access.
- --prompt: Prompts for the authentication details.
- -H ip: IP address of the target host.
- -R: Searches recursively through directories.
- -F pattern: Searches within files for content matching this regular expression.
Example Output:
[+] IP: 192.168.1.10:445 Name: CONTENTSEARCH
MATCH on SHARE4/document.txt: [Sensitive Data Found]
Use Case 7: Execute a shell command on a remote system
Code:
smbmap -u username --prompt -H ip -x command
Motivation:
For security researchers and administrators, remotely executing shell commands over SMB can streamline diagnostics and network checks. This functionality is powerful, yet it calls for caution, with attention to permissions and ethical usage.
Explanation:
- -u username: User with execution rights.
- --prompt: Prompts for the authentication credential.
- -H ip: IP address of the system on which the command is to be executed.
- -x command: Shell command to execute remotely.
Example Output:
[+] IP: 192.168.1.10:445 Name: COMMANDHOST
Executing: 'hostname'
Response: 'COMMANDHOST-001'
Use Case 8: Upload a file to a remote system
Code:
smbmap -u username --prompt -H ip --upload source destination
Motivation:
Securely transferring files to a remote SMB share is crucial for administrative tasks and data deployment. This command allows authorized users to upload necessary data without physical access, thereby enhancing operational efficiency.
Explanation:
- -u username: Name of the user making the change.
- --prompt: Prompts for the authentication credential.
- -H ip: Target host’s IP for file upload.
- --upload source destination: Transfers the indicated source file to the specified destination path on the target system.
Example Output:
[+] IP: 192.168.1.10:445 Name: FILETRANSFER
Uploaded: '/path/to/local/source.txt' to 'SHARE5/backup/source.txt'
Conclusion
The smbmap command serves as an invaluable tool for data security professionals, enabling effective auditing and administration of SMB shares. With these practical examples, users can understand how to harness its full potential while maintaining security and operational integrity across network environments.