Samba Recon: Basics
Lab Environment
In this lab environment, you will be provided with GUI access to a Kali machine. The target machine will be accessible at demo.ine.local.
Objective: Answer the following questions:
Find the default tcp ports used by smbd.
Find the default udp ports used by nmbd.
What is the workgroup name of samba server?
Find the exact version of samba server by using appropriate nmap script.
Find the exact version of samba server by using smb_version metasploit module.
What is the NetBIOS computer name of samba server? Use appropriate nmap scripts.
Find the NetBIOS computer name of samba server using nmblookup
Using smbclient determine whether anonymous connection (null session) is allowed on the samba server or not.
Using rpcclient determine whether anonymous connection (null session) is allowed on the samba server or not.
Tools
Nmap
Metasploit
nmblookup
smbclient
rpcclient
Writeup
Default TCP Ports Used by smbd
smbdnmap -p 139,445 demo.ine.local
Default UDP Ports Used by nmbd
nmbdnmap -sU -p 137,138 demo.ine.local
Workgroup Name of Samba Server
nmap -p 445 --script smb-os-discovery demo.ine.local
Exact Samba Version (Nmap)
nmap -p 445 --script smb-protocols,smb-os-discovery demo.ine.local
Exact Samba Version (Metasploit)
msfconsole
use auxiliary/scanner/smb/smb_version
set RHOSTS demo.ine.local
run
NetBIOS Computer Name (Nmap)
nmap -p 445 --script smb-os-discovery demo.ine.local
NetBIOS Computer Name (nmblookup)
nmblookup)nmblookup -A demo.ine.local
Check Anonymous Login (smbclient)
smbclient)smbclient -L //demo.ine.local -N
Check Anonymous Login (rpcclient)
rpcclient)rpcclient -U "" -N demo.ine.local -c 'enumdomusers'
Last updated