
PenTesting – Enumerating file shares and exploiting FTPs

Enumerating SAMBA for shares

Samba is the standard Windows interoperability suite of programs for Linux and Unix. It allows end users to access and use files, printers and other commonly shared resources on a company's intranet or the internet. It's often referred to as a network file system.

Samba is based on the common client/server protocol Server Message Block (SMB). SMB was developed only for Windows; without Samba, other computer platforms would be isolated from Windows machines, even if they were part of the same network.

Using nmap we can enumerate a machine for SMB shares.

Nmap can run scripts to automate a wide variety of networking tasks. There is a script to enumerate shares!

nmap -p 445 --script=smb-enum-shares.nse,smb-enum-users.nse TARGET

SMB has two ports, 445 and 139.

smbclient //<ip>/anonymous

smbget -R smb://<ip>/anonymous
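On a Samba server, a share can be reached without credentials like this when smb.conf marks it `guest ok = yes` (or its synonym `public`). The following audit check is an added example, not part of the original post: the function names and the sample configuration are constructed for illustration, and `include`/`copy` directives and line continuations are not handled.

```python
import re

WRITE_SYNONYMS = {"writable", "writeable"}  # inverted synonyms of "read only"

def is_true(value):
    return value.strip().lower() in {"yes", "true", "on", "1"}

def parse_smb_conf(text):
    """Return {section: {param: value}} with parameter synonyms canonicalised."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.replace(" ", "").lower()   # Samba ignores case and spaces
            key = "guestok" if key == "public" else key
            if key in WRITE_SYNONYMS:
                key, value = "readonly", "no" if is_true(value) else "yes"
            current[key] = value                 # a later setting overrides
    return sections

def guest_shares(text):
    """List (share, access) for every share that accepts guest connections."""
    sections = parse_smb_conf(text)
    findings = []
    for name, params in sections.items():
        # Share-level parameters set in [global] act as defaults for each share.
        merged = {**sections.get("global", {}), **params}
        if name != "global" and is_true(merged.get("guestok", "no")):
            read_only = is_true(merged.get("readonly", "yes"))
            findings.append((name, "READ" if read_only else "READ/WRITE"))
    return findings

# Constructed sample configuration (hypothetical share names).
SAMPLE_CONF = """
[anonymous]
   guest ok = yes
   writable = yes
[pics]
   public = yes
[private]
   read only = no
"""
if __name__ == "__main__":
    print(guest_shares(SAMPLE_CONF))
```

Shares reported as READ/WRITE deserve review first, since a guest can also modify or plant files there.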

nmap -p 111 --script=nfs-ls,nfs-statfs,nfs-showmount 10.10.92.61

Netcat is a networking command-line tool in Linux. It can work as a port scanning tool or a network monitoring tool.

The netcat command is used for:

Port scanning
Copying files over a server
Creating a command-line chat server
Port forwarding
Creating Backdoors
Fingerprinting

Use SearchSploit to Find Exploits Offline

SearchSploit is a command-line search tool for Exploit-DB.

To install SearchSploit

sudo apt update && sudo apt -y install exploitdb

To update SearchSploit, run the following command:

searchsploit -u

Usage

searchsploit ProFTPd 1.3.5

searchsploit IIS 6.0


Exploit