# SMB (139-445)

<details>

<summary>Protocol Information</summary>

SMB (Server Message Block) is a network protocol that enables the sharing of files, printers and other resources among devices within a network. Used primarily in Windows systems, SMB allows users and applications to access remote files as if they were local and supports features such as authentication, permission management, and access control.\
SMB uses port 445 (TCP). However, SMB was originally run on NetBIOS using port 139. NetBIOS is an independent session-level service and protocol that allows computers on a local network to communicate with each other. While modern implementations of SMB can run without NetBIOS, NetBIOS over TCP (NBT) is required for backward compatibility and is often enabled together.

There are **`3 versions`** of SMB: **`SMBv1`**, susceptible to known attacks (EternalBlue, WannaCry), **`SMBv2`**, and **`SMBv3`**, which uses encryption and is more secure.

**`SAMBA`** is the open source Linux implementation of SMB.

</details>

## Port

<table data-header-hidden><thead><tr><th width="166">Port</th><th>Description</th></tr></thead><tbody><tr><td><mark style="color:green;"><strong>445</strong></mark><strong> TCP</strong></td><td>Newer versions of SMB (after Windows 2000)</td></tr><tr><td><mark style="color:green;"><strong>139</strong></mark><strong> TCP</strong></td><td>NBSession</td></tr></tbody></table>

## Config File

* `/etc/samba/smb.conf`
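
A defender-side check for the config file above, added here as an example (not part of the original page or of Samba): it parses an `smb.conf` body and flags an SMBv1-capable minimum protocol and guest access, the two weaknesses this page covers. The sample config and the function name `audit_smb_conf` are constructed for illustration; `include` files and backslash line continuations are not handled.

```python
import configparser

SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
TRUE_VALUES = {"yes", "true", "1", "on"}

# Constructed sample config, not taken from a real host.
SAMPLE = """\
[global]
   workgroup = LAB
   server min protocol = NT1
   map to guest = Bad User
[public]
   path = /srv/public
   guest ok = yes
[finance]
   path = /srv/finance
   valid users = %U
"""

def audit_smb_conf(text):
    """Return (section, finding) tuples for weak settings in an smb.conf body."""
    # Strip indentation so configparser does not read indented parameters as
    # continuation lines; '%' interpolation is off because smb.conf uses %U etc.
    body = "\n".join(line.strip() for line in text.splitlines())
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   allow_no_value=True, delimiters=("=",),
                                   comment_prefixes=("#", ";"))
    cp.read_string(body)
    findings = []
    for section in cp.sections():
        # Samba ignores case and whitespace inside parameter names.
        opts = {"".join(k.split()).lower(): (v or "").strip()
                for k, v in cp[section].items()}
        if section.strip().lower() == "global":
            # "min protocol" is a synonym of "server min protocol". If neither
            # is set, the Samba build's default applies and is not judged here.
            proto = opts.get("serverminprotocol") or opts.get("minprotocol")
            if proto and proto.upper() in SMB1_DIALECTS:
                findings.append((section, f"SMBv1 still negotiable (min protocol {proto})"))
            guest_map = opts.get("maptoguest")
            if guest_map and guest_map.lower() != "never":
                findings.append((section, f"failed logins may map to guest ({guest_map})"))
        # "public" is a synonym of "guest ok".
        if (opts.get("guestok") or opts.get("public") or "").lower() in TRUE_VALUES:
            findings.append((section, "share allows guest access without a password"))
    return findings

if __name__ == "__main__":
    for section, finding in audit_smb_conf(SAMPLE):
        print(f"[{section}] {finding}")
```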

## Interact

If **anonymous access** is enabled, it's possible to log in with username `""` and password `""`.\
Or try with `guest` and `""`.

{% tabs %}
{% tab title="Windows" %}
{% code overflow="wrap" %}

```powershell
net use n: \\<IP>\<SHARE>
net use n: \\<IP>\<SHARE> /user:<USER> <PASSWORD>
```

{% endcode %}
{% endtab %}

{% tab title="Linux" %}

```bash
sudo apt install cifs-utils
```

{% code overflow="wrap" %}

```bash
sudo mkdir <MyDir>
sudo mount -t cifs -o username=<USERNAME>,password=<PASSWORD>[,domain=.] //<IP>/<SHARE> <MyDir>
```

{% endcode %}
{% endtab %}

{% tab title="Tools" %}

<table><thead><tr><th width="143">Tool</th><th>Details</th></tr></thead><tbody><tr><td><a href="https://github.com/ShawnDEvans/smbmap">smbmap</a></td><td>For enumeration<br><code>smbmap [-u &#x3C;USER> -p &#x3C;PASS> -d &#x3C;DOMAIN>] -H &#x3C;IP></code></td></tr><tr><td><a href="https://github.com/cddmp/enum4linux-ng">enum4linux</a></td><td>For enumeration<br><code>enum4linux [-u &#x3C;USER> -p &#x3C;PASS> -w &#x3C;DOMAIN>] -A &#x3C;IP></code></td></tr><tr><td>smbclient</td><td><p>Accessing and interacting<br><code>smbclient [-N or -U &#x3C;USER>] -L &#x3C;IP></code><br><code>smbclient [-N or -U &#x3C;USER>] //&#x3C;IP>/&#x3C;SHARE></code></p><p><code>impacket-smbclient -k &#x3C;DOMAIN>/&#x3C;USER>:&#x3C;PASS>@&#x3C;IP/HOSTNAME></code> <em>(Kerberos auth)</em><br><em>Download all files:</em><br><code>recurse ON</code><br><code>prompt OFF</code><br><code>mget *</code></p></td></tr><tr><td><a href="https://github.com/Pennyw0rth/NetExec">netexec</a></td><td><p>Searching in shares<br><code>nxc smb &#x3C;IP> -u &#x3C;USER> -p &#x3C;PASS> --shares</code> <br><code>nxc smb &#x3C;IP> -u &#x3C;USER> -p &#x3C;PASS> --spider '&#x3C;SHARE>' --regex '&#x3C;REGEX>'</code></p><p><code>nxc smb &#x3C;IP> -u &#x3C;USER> -p &#x3C;PASS> -M spider_plus</code> <em>(try again if there are errors)</em></p></td></tr></tbody></table>
{% endtab %}
{% endtabs %}

## Attacks

### [EternalBlue (MS17-010)](/rednote/pentesting-process/cve/windows.md#eternalblue)

CVE-2017-0144

EternalBlue exploits a flaw in the SMBv1 protocol. An attacker can send malicious data to the victim system over an SMBv1 connection, triggering a condition that lets them take control of the target and execute malicious code without authentication and with SYSTEM privileges.

