SMB

Scanning for NetBIOS Service

SMB (TCP port 445) and NetBIOS are two separate protocols. NetBIOS is an independent session layer protocol and service that allows computers on a local network to communicate with each other. While modern implementations of SMB can work without NetBIOS, NetBIOS over TCP (NBT) is required for backward compatibility, and the two are often enabled together.

TCP/UDP 139 nmap:

nmap -v -p 139,445 -oG smb.txt <ip>.1-254
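
Added example (not part of the original notes): one way to turn the greppable output written to smb.txt above into a per-host exposure summary, showing which hosts still answer on TCP 139 (NetBIOS session service) and which offer SMB on 445 only. The function names smb_exposure and sample_scan are hypothetical, and the sample scan lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original notes): summarise which hosts in an
# nmap greppable (-oG) file, e.g. smb.txt, expose TCP 139 and/or TCP 445.

# Constructed sample in -oG format; addresses are documentation-range values.
sample_scan() {
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\n'
    printf 'Host: 192.0.2.20 ()\tPorts: 139/closed/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\n'
    printf 'Host: 192.0.2.30 ()\tPorts: 139/closed/tcp//netbios-ssn///, 445/closed/tcp//microsoft-ds///\n'
    printf 'Host: 192.0.2.40 ()\tPorts: 139/filtered/tcp//netbios-ssn///, 445/filtered/tcp//microsoft-ds///\n'
    printf '# Nmap done: 254 IP addresses (4 hosts up)\n'
}

# Reads -oG data from the named file(s), or from stdin when none is given.
# Prints: ip <TAB> 139=state <TAB> 445=state <TAB> note
smb_exposure() {
    awk '
    /^Host: / && /Ports: / {
        ip = $2
        s139 = "absent"; s445 = "absent"
        sub(/^.*Ports: /, "")      # keep only the port list
        sub(/\t.*$/, "")           # drop trailing fields (e.g. "Ignored State")
        n = split($0, entry, /, */)
        for (i = 1; i <= n; i++) {
            # entry layout: port/state/protocol/owner/service/...
            split(entry[i], f, "/")
            if (f[3] != "tcp") continue
            if (f[1] == "139") s139 = f[2]
            if (f[1] == "445") s445 = f[2]
        }
        if (s139 != "open" && s445 != "open") next
        note = (s139 == "open") ? "NetBIOS session service reachable" : "direct SMB only"
        printf "%s\t139=%s\t445=%s\t%s\n", ip, s139, s445, note
    }' "$@"
}

# With a file argument, report on it; otherwise run on the constructed sample.
if [ $# -gt 0 ]; then
    smb_exposure "$@"
else
    sample_scan | smb_exposure
fi
```

Hosts where neither port is open are omitted, so the output doubles as a list of machines to review for disabling NBT where it is not needed.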

nbtscan:

sudo nbtscan -r <ip>/24

nmap with script:

nmap -v -p 139,445 --script=smb-os-discovery <ip>

Enumerate SMB content

sudo smbmap -H $IP

Mounting:

sudo mount -t cifs -o port=445 //$IP/<share> /mnt/<local_folder>

Note:

Windows Server 2016 no longer supports SMBv1. You need to update your SMB config on Kali to use version 2. Edit /etc/samba/smb.conf and add this line:

min protocol = SMB2

and restart the process:

sudo /etc/init.d/smbd restart

Samba usage

smbclient -L //<ip>
smbclient //<ip>/<share>

# download all: connect, then enter the following at the smb: \> prompt
smbclient '\\server\share'
mask ""
recurse ON
prompt OFF
cd 'path\to\remote\dir'
lcd '~/path/to/download/to/'
mget *