SMB Enumeration and recon notes.

SMB null sessions are unauthenticated sessions against smb shares, and anonymous access to hidden shares is available.

Connect and Enumerate Shares

smbclient

smbmap

Command Execution via smbclient

Start nc listener from attacker:

nc -lnvp 1233

Get shell over smb with winexe

SMB Enumeration
Tagged on: