SMBMap is a Python-based tool that allows users to enumerate Samba/SMB share drives across an entire domain.

It offers the following features: list share drives and drive permissions, list share contents, upload/download files, auto-download files whose names match a pattern, search file contents, and even execute remote commands.

smbmap.py [options]

optional arguments:
  -h, --help            show this help message and exit

Main arguments:
  -H HOST               IP of host
  --host-file FILE      File containing a list of hosts
  -u USERNAME           Username, if omitted null session assumed
  -p PASSWORD           Password or NTLM hash
  -s SHARE              Specify a share (default C$), ex 'C$'
  -d DOMAIN             Domain name (default WORKGROUP)
  -P PORT               Port (default 445)

Command Execution:
  Options for executing commands on the specified host

  -x COMMAND            Execute a command ex. 'ipconfig /r'

Filesystem Search:
  Options for searching/enumerating the filesystem of the specified host

  -L                    List all drives on the specified host
  -R [PATH]             Recursively list dirs, and files (no sharepath lists
                        ALL shares), ex. 'C$'
  -r [PATH]             List contents of directory, default is to list root of
                        all shares, ex. -r 'C$\Documents and
                        Settings\Administrator\Documents'
  -A PATTERN            Define a file name pattern (regex) that auto downloads
                        a file on a match (requires -R or -r), not case
                        sensitive, ex '(web|global).(asax|config)'
  -q                    Disable verbose output (basically only really useful
                        with -A)

File Content Search:
  Options for searching the content of files

  -F PATTERN            File content search, -F '[Pp]assword' (requires admin
                        access to execute commands, and powershell on victim
                        host)
  --search-path PATH    Specify drive/path to search (used with -F, default
                        C:\Users), ex 'D:\HR'

Filesystem interaction:
  Options for interacting with the specified host's filesystem

  --download PATH       Download a file from the remote system,
                        ex. 'C$\temp\passwords.txt'
  --upload SRC DST      Upload a file to the remote system ex.
                        '/tmp/payload.exe C$\temp\payload.exe'
  --delete PATH TO FILE
                        Delete a remote file, ex. 'C$\temp\msf.exe'
  --skip                Skip delete file confirmation prompt
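The -A option takes a regex, applied case-insensitively to file names, and the help text's own example '(web|global).(asax|config)' leaves the dot unescaped, so it also matches names where any character sits between the two words, and because the match is unanchored it also fires on backups such as WEB.CONFIG.old. The following is an added example, not code from SMBMap itself; it assumes the pattern is applied as a case-insensitive, unanchored regex search against the file name only (which is what the help text describes, not a statement about SMBMap's internals), and the file listing is constructed for the demonstration.

```python
import re

# Constructed listing of the kind -R would walk; not captured from a real host.
SAMPLE_FILES = [
    "C$\\inetpub\\wwwroot\\web.config",
    "C$\\inetpub\\wwwroot\\Global.asax",
    "C$\\inetpub\\wwwroot\\webXconfig.bak",   # no literal dot before the extension
    "C$\\temp\\WEB.CONFIG.old",               # upper case, extra suffix
    "C$\\Users\\Public\\readme.txt",
]

# The help text's example pattern: '.' is unescaped and nothing is anchored.
LOOSE_PATTERN = r"(web|global).(asax|config)"
# Tightened form: literal dot, whole file name must match.
TIGHT_PATTERN = r"^(web|global)\.(asax|config)$"


def auto_download_matches(pattern: str, paths):
    """Return the paths whose file name a -A style pattern would select.

    Assumption of this example: case-insensitive, unanchored regex search
    against the file name (the part after the last backslash) only.
    """
    rx = re.compile(pattern, re.IGNORECASE)
    return [p for p in paths if rx.search(p.rsplit("\\", 1)[-1])]


if __name__ == "__main__":
    for label, pattern in (("loose", LOOSE_PATTERN), ("tight", TIGHT_PATTERN)):
        print(f"{label}: {pattern}")
        for path in auto_download_matches(pattern, SAMPLE_FILES):
            print("   would download", path)
```

With the loose pattern, four of the five constructed paths are selected, including webXconfig.bak and WEB.CONFIG.old; the tightened pattern selects only web.config and Global.asax. Over a large -R walk, an over-broad pattern quietly pulls down far more than intended, so anchor and escape the pattern before running it against a whole domain.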

Examples:

$ python smbmap.py -u jsmith -p password1 -d workgroup -H 192.168.0.1
$ python smbmap.py -u jsmith -p 'aad3b435b51404eeaad3b435b51404ee:da76f2c4c96028b7a6111aef4a50a94d' -H 2.16.0.20
$ python smbmap.py -u 'apadmin' -p 'asdf1234!' -d ACME -H 10.1.3.30 -x 'net group "Domain Admins" /domain'

Default Output:

$ python smbmap.py --host-file smb-hosts.txt -u jsmith -p 'R33nisP!nckl3' -d ABC
[+] Reading from stdin
[+] Finding open SMB ports....
[+] User SMB session established...
[+] IP: 192.168.0.5:445 Name: unknown
        Disk                                                    Permissions
        ----                                                    -----------
        ADMIN$                                                  READ, WRITE
        C$                                                      READ, WRITE
        IPC$                                                    NO ACCESS
        TMPSHARE                                                READ, WRITE
[+] User SMB session established...
[+] IP: 192.168.2.50:445        Name: unknown
        Disk                                                    Permissions
        ----                                                    -----------
        IPC$                                                    NO ACCESS
        print$                                                  READ, WRITE
        My Dirs                                                 NO ACCESS
        WWWROOT_OLD                                             NO ACCESS
        ADMIN$                                                  READ, WRITE
        C$                                                      READ, WRITE
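Across a whole host file this output gets long, and the two things worth pulling out quickly are hosts where ADMIN$ or a drive share (C$, D$, ...) is writable, which means the account is effectively a local administrator there and -x is worth trying, and non-administrative shares that are writable, which are where files can be planted or harvested. The following parser is an added example, not part of SMBMap; it assumes the table layout shown above (an "[+] IP: ... Name: ..." line followed by share rows separated from their permission column by two or more spaces) and uses a constructed transcript as its input, with a "READ ONLY" row added to the constructed data to show a permission value that is neither writable nor denied.

```python
import json
import re
from typing import Dict, List, Tuple

# Constructed transcript in the layout shown on this page; not a live capture.
SAMPLE_OUTPUT = """\
[+] Finding open SMB ports....
[+] User SMB session established...
[+] IP: 192.168.0.5:445 Name: unknown
        Disk                                                    Permissions
        ----                                                    -----------
        ADMIN$                                                  READ, WRITE
        C$                                                      READ, WRITE
        IPC$                                                    NO ACCESS
        TMPSHARE                                                READ, WRITE
[+] User SMB session established...
[+] IP: 192.168.2.50:445        Name: unknown
        Disk                                                    Permissions
        ----                                                    -----------
        IPC$                                                    NO ACCESS
        print$                                                  READ, WRITE
        My Dirs                                                 NO ACCESS
        WWWROOT_OLD                                             READ ONLY
        ADMIN$                                                  READ, WRITE
        C$                                                      READ, WRITE
"""

# Host header: "[+] IP: <ip>:<port> Name: <name>" (assumed format, from the page).
HOST_RE = re.compile(r"^\[\+\] IP:\s*(?P<ip>[\d.]+):(?P<port>\d+)\s+Name:\s*(?P<name>\S+)")
# Share row: indented name, a gap of 2+ spaces, then an upper-case permission
# string. Share names may contain single spaces ("My Dirs"); the header and
# "----" rows never match because their second column is not upper-case letters.
SHARE_RE = re.compile(r"^\s+(?P<share>.+?)\s{2,}(?P<perm>[A-Z ,]+?)\s*$")


def parse_smbmap(text: str) -> Dict[str, Dict[str, str]]:
    """Map each host IP to {share name: permission string}."""
    hosts: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group("ip")
            hosts[current] = {}
            continue
        if current is None:
            continue
        m = SHARE_RE.match(line)
        if m:
            hosts[current][m.group("share")] = m.group("perm")
    return hosts


def is_admin_share(name: str) -> bool:
    """ADMIN$, IPC$ and single-letter drive shares (C$, D$, ...)."""
    n = name.upper()
    return n in {"ADMIN$", "IPC$"} or re.fullmatch(r"[A-Z]\$", n) is not None


def admin_hosts(hosts: Dict[str, Dict[str, str]]) -> List[str]:
    """Hosts where ADMIN$ or a drive share is writable. IPC$ is ignored:
    it is not a file share and shows NO ACCESS even with a working session."""
    result = []
    for ip, shares in hosts.items():
        if any(is_admin_share(n) and n.upper() != "IPC$" and "WRITE" in p
               for n, p in shares.items()):
            result.append(ip)
    return result


def writable_user_shares(hosts: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """(ip, share, permission) for writable shares that are not admin shares."""
    return [(ip, n, p)
            for ip, shares in hosts.items()
            for n, p in shares.items()
            if not is_admin_share(n) and "WRITE" in p]


if __name__ == "__main__":
    parsed = parse_smbmap(SAMPLE_OUTPUT)
    print(json.dumps(parsed, indent=2))
    print("likely local admin on:", admin_hosts(parsed))
    print("writable user shares:", writable_user_shares(parsed))
```

Pipe a real run into it with `python smbmap.py --host-file hosts.txt ... | python triage.py` after swapping SAMPLE_OUTPUT for sys.stdin.read(); the two lists are the hosts to revisit with -x and the shares to revisit with -R or --upload.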


