Samba Recon: Basics

Lab Environment

In this lab environment, you will be provided with GUI access to a Kali machine. The target machine will be accessible at demo.ine.local.

Objective: Answer the following questions:

1. Find the default tcp ports used by smbd.

2. Find the default udp ports used by nmbd.

3. What is the workgroup name of samba server?

4. Find the exact version of samba server by using appropriate nmap script.

5. Find the exact version of samba server by using smb_version metasploit module.

6. What is the NetBIOS computer name of samba server? Use appropriate nmap scripts.

7. Find the NetBIOS computer name of samba server using nmblookup

8. Using smbclient determine whether anonymous connection (null session) is allowed on the samba server or not.

9. Using rpcclient determine whether anonymous connection (null session) is allowed on the samba server or not.

Tools

• Nmap

• Metasploit

• nmblookup

• smbclient

• rpcclient

Writeup

Default TCP Ports Used by smbd

nmap -p 139,445 demo.ine.local

Default UDP Ports Used by nmbd

nmap -sU -p 137,138 demo.ine.local

Workgroup Name of Samba Server

nmap -p 445 --script smb-os-discovery demo.ine.local

Exact Samba Version (Nmap)

nmap -p 445 --script smb-protocols,smb-os-discovery demo.ine.local

Exact Samba Version (Metasploit)

msfconsole

use auxiliary/scanner/smb/smb_version

set RHOSTS demo.ine.local

run

NetBIOS Computer Name (Nmap)

nmap -p 445 --script smb-os-discovery demo.ine.local

NetBIOS Computer Name (nmblookup)

nmblookup -A demo.ine.local

Check Anonymous Login (smbclient)

smbclient -L //demo.ine.local -N

Check Anonymous Login (rpcclient)

rpcclient -U "" -N demo.ine.local -c 'enumdomusers'