# SMB (server message block protocol) ###### tags: `service` `network` ## Working ![](https://i.imgur.com/zVZjNlO.png) ## Enumerate Gather usernames, passwords, network information, hostnames, application data, services SMB server usually could be leek the sensitive information if we could exploit it. ->log ->some file have the username or password ### Tools **Enum4Linux** https://github.com/CiscoCXSecurity/enum4linux ``` ./enum4linux.pl -U 10.10.40.130 ``` ![](https://i.imgur.com/fj3Ef5X.png) #### Share list ``` ./enum4linux.pl -U 10.10.40.130 -S ``` ![](https://i.imgur.com/BxvJtm5.png) -U             get userlist -M             get machine list -N             get namelist dump (different from -U and-M) -S             get sharelist -P             get password policy information -G             get group and member list -a             all of the above (full basic enumeration) ## Exploit ### Tpye - remote code execute - misconfigurations ### smbclient Access romote smb server ``` smbclient //<ip>/<share path> ``` ``` - U <username> - P <password> ``` check out the file ``` more <fileName> ``` smb: \> recurse ON smb: \> prompt OFF smb: \> mget * ![](https://i.imgur.com/MokK2uy.png) ``` chmod 660 id_rsa ``` ![](https://i.imgur.com/0nbtScX.png)