How to use the command `smbmap` (with examples)

Smbmap is a command-line tool that allows you to enumerate SMB (Server Message Block) shares on a host. It can be used for discovering open shares, listing files and directories, and executing commands on a remote system. The command provides various options to customize the output and behavior of the enumeration process.

Use case 1: Display SMB shares and permissions on a host, prompting for user’s password or NTLM hash

Code:

smbmap -u username --prompt -H ip

Motivation: This use case is useful when you don’t want to hardcode the password or NTLM hash in the command and prefer to be prompted for it during runtime. This enhances security by reducing the risk of exposing sensitive information in the command history.

Explanation:

  • smbmap: The command itself.
  • -u username: Specifies the username for authentication.
  • --prompt: Prompts for the user’s password or NTLM hash.
  • -H ip: Specifies the target host IP address.

Example output:

[+] IP: \ip
    [+] Sharename: C$
        [+] Permissions: READ, WRITE
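
The exposure described in the motivation above can be checked after the fact. This added example (not part of the original page or of smbmap itself) scans shell history for smbmap invocations that passed the secret inline with smbmap's -p option instead of --prompt, and prints them with the value redacted. The function name and the sample history lines are constructed for illustration.

```shell
# Added example (not from the original page). Prints "LINE: command" for each
# smbmap call in shell history that passes the secret with -p, value redacted.
audit_smbmap_history() {
    awk '
    # Return the index of the last token belonging to a (possibly quoted) value.
    function value_end(v, i, n,    q, first) {
        q = substr(v, 1, 1)
        if (q != "\"" && q != "\047") return i        # unquoted: one token
        first = 1
        while (i < n && (substr(v, length(v)) != q || (first && length(v) == 1))) {
            i++; v = tok[i]; first = 0
        }
        return i
    }
    {
        line = $0
        sub(/^: [0-9]+:[0-9]+;/, "", line)            # zsh extended-history prefix
        n = split(line, tok, /[ \t]+/)
        seen = 0; hit = 0; out = ""
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (t ~ /(^|\/)smbmap(\.py)?$/) seen = 1
            else if (seen && t == "-p" && i < n) {    # -p VALUE
                i = value_end(tok[i + 1], i + 1, n); t = "-p <redacted>"; hit = 1
            } else if (seen && t ~ /^-p./) {          # -pVALUE
                i = value_end(substr(t, 3), i, n); t = "-p <redacted>"; hit = 1
            }
            out = out (out == "" ? "" : " ") t
        }
        if (hit) print NR ": " out
    }' "$@"
}

# Constructed sample history (bash lines plus one zsh extended-history line).
SAMPLE_HISTORY=$(cat <<'EOF'
smbmap -u alice --prompt -H 192.0.2.10
smbmap -u alice -p 'ConstructedPass1' -H 192.0.2.10 -r
: 1700000000:0;smbmap -H 192.0.2.11 -u svc_backup -pExampleHash -d CORP
ls -p /tmp
smbmap -u bob -p "two words" -H 192.0.2.12
EOF
)

printf '%s\n' "$SAMPLE_HISTORY" | audit_smbmap_history
```

To audit a real history file, pass its path as the argument, for example audit_smbmap_history ~/.bash_history.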

Use case 2: Display SMB shares and permissions on a host, specifying the domain and prompting for the password or NTLM hash

Code:

smbmap -u username --prompt -d domain -H ip

Motivation: This use case is relevant when the SMB server is part of a domain, and explicit domain information is required for successful authentication.

Explanation:

  • smbmap: The command itself.
  • -u username: Specifies the username for authentication.
  • --prompt: Prompts for the user’s password or NTLM hash.
  • -d domain: Specifies the domain for authentication.
  • -H ip: Specifies the target host IP address.

Example output:

[+] IP: \ip
    [+] Sharename: C$
        [+] Permissions: READ, WRITE

Use case 3: Display SMB shares and list a single level of directories and files

Code:

smbmap -u username --prompt -H ip -r

Motivation: This use case is beneficial when you want to quickly retrieve a list of directories and files within the SMB shares on a host.

Explanation:

  • smbmap: The command itself.
  • -u username: Specifies the username for authentication.
  • --prompt: Prompts for the user’s password or NTLM hash.
  • -H ip: Specifies the target host IP address.
  • -r: Lists a single level of directories and files.

Example output:

[+] IP: \ip
    [+] Sharename: C$
        [+] Directory: .
            [+] File: file1.txt
            [+] File: file2.txt
            ...

Use case 4: Display SMB shares and recursively list a defined number of levels of directories and files

Code:

smbmap -u username --prompt -H ip -R --depth 3

Motivation: This use case is useful when you need to explore the SMB shares in-depth by recursively listing directories and files up to a specified depth.

Explanation:

  • smbmap: The command itself.
  • -u username: Specifies the username for authentication.
  • --prompt: Prompts for the user’s password or NTLM hash.
  • -H ip: Specifies the target host IP address.
  • -R: Recursively lists directories and files.
  • --depth 3: Specifies the depth of recursion (in this example, 3 levels).

Example output:

[+] IP: \ip
    [+] Sharename: C$
        [+] Directory: .
            [+] Directory: dir1
                [+] Directory: subdir1
                    [+] File: file1.txt
                    [+] File: file2.txt
                ...

Use case 5: Display SMB shares and recursively list directories and files, downloading the files matching a regular expression

Code:

smbmap -u username --prompt -H ip -R -A pattern

Motivation: This use case is handy when you want to fetch specific files from SMB shares that match a certain pattern using regular expressions.

Explanation:

  • smbmap: The command itself.
  • -u username: Specifies the username for authentication.
  • --prompt: Prompts for the user’s password or NTLM hash.
  • -H ip: Specifies the target host IP address.
  • -R: Recursively lists directories and files.
  • -A pattern: Downloads files matching the specified regular expression pattern.

Example output:

[+] IP: \ip
    [+] Sharename: C$
        [+] Directory: .
            [+] File: important.docx
            [+] File: confidential.xlsx

Use case 6: Display SMB shares and recursively list directories and files, searching for file content matching a regular expression

Code:

smbmap -u username --prompt -H ip -R -F pattern

Motivation: This use case is helpful when you want to search for specific file content within the SMB shares using regular expressions.

Explanation:

  • smbmap: The command itself.
  • -u username: Specifies the username for authentication.
  • --prompt: Prompts for the user’s password or NTLM hash.
  • -H ip: Specifies the target host IP address.
  • -R: Recursively lists directories and files.
  • -F pattern: Searches for file content matching the specified regular expression pattern.

Example output:

[+] IP: \ip
    [+] Sharename: C$
        [+] Directory: .
            [+] File: report.pdf
            [+] File: technical_document.docx

Use case 7: Execute a shell command on a remote system

Code:

smbmap -u username --prompt -H ip -x command

Motivation: This use case allows you to execute arbitrary shell commands on the remote system, providing a powerful way to interact with the underlying operating system.

Explanation:

  • smbmap: The command itself.
  • -u username: Specifies the username for authentication.
  • --prompt: Prompts for the user’s password or NTLM hash.
  • -H ip: Specifies the target host IP address.
  • -x command: Executes the specified shell command on the remote system.

Example output:

[+] IP: \ip
    [+] Output of command: whoami
        [+] Administrator

Use case 8: Upload a file to a remote system

Code:

smbmap -u username --prompt -H ip --upload source destination

Motivation: This use case enables you to upload a file from the local system to a remote system via SMB, allowing convenient file transfer between machines.

Explanation:

  • smbmap: The command itself.
  • -u username: Specifies the username for authentication.
  • --prompt: Prompts for the user’s password or NTLM hash.
  • -H ip: Specifies the target host IP address.
  • --upload source destination: Uploads the file from the specified source path to the destination path on the remote system.

Example output:

[+] IP: \ip
    [+] Upload successful: file.txt

Conclusion:

The smbmap command is a powerful tool for SMB enumeration, providing a wide range of options to explore and interact with SMB shares on a host. Whether you need to list directories, search for specific files, execute commands, or transfer files, smbmap offers the flexibility necessary to accomplish these tasks effectively.
