SMB (139-445)

Server Message Block.

Last updated 4 months ago

Was this helpful?

SMB (139-445)

Server Message Block.

Protocol Information

SMB (Server Message Block) is a network protocol that enables the sharing of files, printers and other resources among devices within a network. Used primarily in Windows systems, SMB allows users and applications to access remote files as if they were local and supports features such as authentication, permission management, and access control. SMB uses port 445 (TCP). However, SMB was originally run on NetBIOS using port 139. NetBIOS is an independent session-level service and protocol that allows computers on a local network to communicate with each other. While modern implementations of SMB can run without NetBIOS, NetBIOS over TCP (NBT) is required for backward compatibility and is often enabled together.

There is 3 version of SMB: SMBv1 susceptible to known attacks (Eternal blue, wanna cry), SMBv2 and SMBv3 that uses encryption and is more secure.

SAMBA is the open source Linux implementation of SMB.

Port

445 TCP

Newer versions of SMB (after Windows 2000)

139 TCP

NBSession

Config File

/etc/samba/smb.conf

Interact

If anonymous access is enabled, it's possible log in with username “” and password “”. Or try with guest and "".

net use n: \\<IP>\<SHARE>
net use n: \\<IP>\<SHARE> /user:<USER> <PASSWORD>

sudo apt install cifs-utils

sudo mkdir <MyDir>
sudo mount -t cifs -o username=<USERNAME>,password=<PASSWORD>[,domain=.] //<IP>/<SHARE> <MyDir>

Tool

Details

For enumeration smbmap [-u <USER> -p <PASS> -d <DOMAIN>] -H <IP>

For enumeration enum4linux [-u <USER> -p <PASS> -w <DOMAIN>] -A <IP>

smbclient

Accessing and interacting smbclient [-N or -U <USER>] -L <IP> smbclient [-N or -U <USER>] //<IP>/<SHARE>

Searching in shares nxc smb <IP> -u <USER> -p <PASS> --shares nxc smb <IP> -u <USER> -p <PASS> --spider '<SHARE>' --regex '<REGEX>'

nxc smb <IP> -u <USER> -p <PASS> -M spider_plus (try again if there are errors)

Attacks

CVE-2017-0144

EternalBlue exploits a flaw in the SMBv1 protocol. By exploiting this flaw, an attacker can send malicious data to the victim system via an SMBv1 connection, causing a condition that allows them to take control of the target system, executing malicious code without any need for authentication and with system privileges.