SMB Enumeration

SMB (Server Message Block) is a protocol that lets you share resources with other computers over the network.

It commonly runs on ports 139 or 445.

You can use an nmap scan to determine the status of these ports and to check if they are open:

kali@kali:~$ nmap -v -n -sn <host>/<range> | grep -v "host down"
# This provides a list of the IPs that are up in the given range

# We can take one of the IPs and do a port scan
kali@kali:~$ nmap -v -n -Pn <host>

PORT    STATE    SERVICE
21/tcp  open     ftp
22/tcp  open     ssh
139/tcp open     netbios-ssn # SMB Port
445/tcp open     microsoft-ds # SMB Port

# You can scan specifically for those ports
kali@kali:~$ nmap -n -v -Pn -p139,445 <host>

PORT    STATE    SERVICE
139/tcp open     netbios-ssn # SMB Port
445/tcp open     microsoft-ds # SMB Port

# Now with version scan
kali@kali:~$ nmap -n -v -Pn -p139,445 -sV <host>

PORT    STATE    SERVICE      VERSION
139/tcp open     netbios-ssn  Samba smbd 3.X - 4.X (workgroup: Workgroup)
445/tcp open     microsoft-ds Samba smbd 3.X - 4.X (workgroup: Workgroup)

We can then use the NSE scripts that ship with nmap to check for known SMB vulnerabilities. Quote the script pattern so the shell does not expand the wildcard:

kali@kali:~$ nmap -n -v -Pn -p139,445 -sV --script="smb-vuln*" <host>
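As an added example (not part of the original page), the scans above can be saved in nmap's grepable format (-oG) and filtered for hosts that have 139/tcp or 445/tcp open, which helps when auditing your own range for SMB exposure. The function names and the sample scan data (192.0.2.0/24 documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report open SMB ports found in nmap grepable (-oG) output.

# Reads -oG lines on stdin; prints "host port service version" per open SMB port.
smb_exposed() {
    awk -F'\t' '
    /^Host: / {
        split($1, h, " ")            # "Host: <ip> (<name>)"
        host = h[2]
        for (i = 2; i <= NF; i++) {
            if ($i !~ /^Ports: /) continue
            list = substr($i, 8)     # strip the "Ports: " prefix
            n = split(list, ports, ", ")
            for (j = 1; j <= n; j++) {
                # entry layout: port/state/protocol/owner/service/rpcinfo/version/
                split(ports[j], f, "/")
                if ((f[1] == "139" || f[1] == "445") && f[2] == "open" && f[3] == "tcp")
                    printf "%s %s %s %s\n", host, f[1], f[5], (f[7] == "" ? "-" : f[7])
            }
        }
    }'
}

# Constructed sample shaped like `nmap -n -Pn -sV -oG - <range>` output.
sample_scan() {
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, 139/open/tcp//netbios-ssn//Samba smbd 3.X - 4.X (workgroup: WORKGROUP)/, 445/open/tcp//microsoft-ds//Samba smbd 3.X - 4.X (workgroup: WORKGROUP)/\n'
    printf 'Host: 192.0.2.11 ()\tPorts: 139/closed/tcp//netbios-ssn///, 445/filtered/tcp//microsoft-ds///\n'
    printf 'Host: 192.0.2.12 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2p1/, 445/open/tcp//microsoft-ds///\n'
}

# Only open SMB ports are listed; closed and filtered ones are skipped.
sample_scan | smb_exposed
```

With a real scan, replace the sample with the saved file: smb_exposed < scan.gnmap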
