SMBMap - An SMB Enumeration Tool
Date: 2015-04-01
SMBMap is a Python-based tool that allows users to enumerate Samba share drives across an entire domain.
It can list share drives, drive permissions and share contents, upload and download files, automatically download files whose names match a pattern, and even execute remote commands.
Requirements:
Features:
- Pass-the-Hash Support
- File upload/download/delete
- Permission enumeration (writable share, meet Metasploit)
- Remote Command Execution
- Distributed file content searching (new!)
- Filename matching (with an auto download capability)
Usage:
smbmap.py [options]

optional arguments:
  -h, --Help            show this help message and exit

Main arguments:
  -H HOST               IP of host
  --host-file FILE      File containing a list of hosts
  -u USERNAME           Username, if omitted null session assumed
  -p PASSWORD           Password or NTLM hash
  -s SHARE              Specify a share (default C$), ex 'C$'
  -d DOMAIN             Domain name (default WORKGROUP)
  -P PORT               SMB port (default 445)

Command Execution:
  Options for executing commands on the specified host

  -x COMMAND            Execute a command ex. 'ipconfig /r'

Filesystem Search:
  Options for searching/enumerating the filesystem of the specified host

  -L                    List all drives on the specified host
  -R [PATH]             Recursively list dirs, and files (no share\path lists ALL shares), ex. 'C$\Finance'
  -r [PATH]             List contents of directory, default is to list root of all shares, ex. -r 'C$\Documents and Settings\Administrator\Documents'
  -A PATTERN            Define a file name pattern (regex) that auto downloads a file on a match (requires -R or -r), not case sensitive, ex '(web|global).(asax|config)'
  -q                    Disable verbose output (basically only really useful with -A)

File Content Search:
  Options for searching the content of files

  -F PATTERN            File content search, -F '[Pp]assword' (requies admin access to execute commands, and powershell on victim host)
  --search-path PATH    Specify drive/path to search (used with -F, default C:\Users), ex 'D:\HR\'

Filesystem interaction:
  Options for interacting with the specified host's filesystem

  --download PATH       Download a file from the remote system, ex.'C$\temp\passwords.txt'
  --upload SRC DST      Upload a file to the remote system ex. '/tmp/payload.exe C$\temp\payload.exe'
  --delete PATH TO FILE Delete a remote file, ex. 'C$\temp\msf.exe'
  --skip                Skip delete file confirmation prompt
Examples:
$ python smbmap.py -u jsmith -p password1 -d workgroup -H 192.168.0.1
$ python smbmap.py -u jsmith -p 'aad3b435b51404eeaad3b435b51404ee:da76f2c4c96028b7a6111aef4a50a94d' -H 172.16.0.20
$ python smbmap.py -u 'apadmin' -p 'asdf1234!' -d ACME -H 10.1.3.30 -x 'net group "Domain Admins" /domain'
Default Output:
$ python smbmap.py --host-file smb-hosts.txt -u jsmith -p 'R33nisP!nckl3' -d ABC
[+] Reading from stdin
[+] Finding open SMB ports....
[+] User SMB session establishd...
[+] IP: 192.168.0.5:445 Name: unkown
    Disk            Permissions
    ----            -----------
    ADMIN$          READ, WRITE
    C$              READ, WRITE
    IPC$            NO ACCESS
    TMPSHARE        READ, WRITE
[+] User SMB session establishd...
[+] IP: 192.168.2.50:445 Name: unkown
    Disk            Permissions
    ----            -----------
    IPC$            NO ACCESS
    print$          READ, WRITE
    My Dirs         NO ACCESS
    WWWROOT_OLD     NO ACCESS
    ADMIN$          READ, WRITE
    C$              READ, WRITE
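For a share-permission audit, the default output above can be turned into a list of shares the tested account is able to write to, separated into administrative shares and ordinary data shares. This is an added example, not part of SMBMap; the sample text is constructed in the layout shown above, and the `READ ONLY` label and the function names are assumptions.

```python
import re

# Constructed sample laid out like the default output above.
SAMPLE = """\
[+] IP: 192.168.0.5:445 Name: unkown
    Disk            Permissions
    ----            -----------
    ADMIN$          READ, WRITE
    C$              READ, WRITE
    IPC$            NO ACCESS
    TMPSHARE        READ, WRITE
[+] IP: 192.168.2.50:445 Name: unkown
    Disk            Permissions
    ----            -----------
    IPC$            NO ACCESS
    print$          READ, WRITE
    My Dirs         NO ACCESS
"""

HOST_RE = re.compile(r"^\[\+\] IP: (\S+?):\d+\s+Name:")
# Names may contain spaces; anchor on the permission. READ ONLY is an assumed label.
SHARE_RE = re.compile(r"^\s*(.+?)\s+(READ, WRITE|READ ONLY|NO ACCESS)\s*$")
# ADMIN$ and drive-letter shares (C$, D$, ...) are Windows administrative shares.
ADMIN_SHARE_RE = re.compile(r"^(ADMIN|[A-Za-z])\$$")

def parse(text):
    """Return {host: {share: permission}} from SMBMap default output."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = hosts.setdefault(m.group(1), {})
        elif current is not None and (m := SHARE_RE.match(line)):
            current[m.group(1)] = m.group(2)
    return hosts

def writable_findings(hosts):
    """List (host, share, kind) for each share the audited account can write to."""
    findings = []
    for host, shares in sorted(hosts.items()):
        for share, perm in sorted(shares.items()):
            if "WRITE" in perm:
                kind = "admin-share" if ADMIN_SHARE_RE.match(share) else "data-share"
                findings.append((host, share, kind))
    return findings

if __name__ == "__main__":
    for finding in writable_findings(parse(SAMPLE)):
        print("\t".join(finding))
```

A writable `ADMIN$` or `C$` indicates the account holds local administrator rights on that host, which is usually the finding to remediate first.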