SMB

SMB (Server Message Block) is prevalent on Windows systems and provides many vectors for vertical and lateral movement. Some may be vulnerable to RCE exploits like EternalBlue.

The NMAP smb-os-discovery.nse script is used to enumerate SMB and extract the reported OS version.

SMB allows users and admins to share folders and make them accessible remotely by other users. These shares have files that contain sensitive information like passwords.

The smbclient tool can be used to interact and enumerate SMB shares:

smbclient -N -L \\\\\\\\<target>

The -L flag specifies that we want a list of available shares on the remote host.

The -N flag suppresses the password prompt.

To specify a user we can use the -U flag:

smbclient -U <user> \\\\\\\\<target>\\\\<users>