amap v5.4 finished at 2017-12-31 20:13:34
Some protocols can be used to gather information about target hosts. One of those is the Server Message Block (SMB) protocol. This is a protocol used for file sharing on Windows networks. It can also be used for remote management of Windows systems. A couple of tools can be used to scan systems that use SMB for file sharing. One of them is smbmap, which can be used to list all of the shares being offered up on a system. Example 3-22 shows a run of smbmap against a macOS system that is using SMB to share files over the network. Commonly, shares are not offered without any authentication. As a result, you have to provide login information in order to get the shares back. This does have the downside of requiring usernames and passwords to get the information. If you already have the username and password, you may not need to use a tool like smbmap.
Example 3-22. Listing file shares using smbmap
root@rosebud:~# smbmap -u kilroy -p obscurePW -H billthecat
[+] Finding open SMB ports....
[+] User SMB session established on billthecat...
[+] IP: billthecat:445 Name: billthecat.lan
    Disk                            Permissions
    ----                            -----------
    IPC$                            NO ACCESS
    Macintosh HD                    READ ONLY
    Ric Messier's Public Folder-1   READ, WRITE
    Seagate Backup Plus Drive       READ, WRITE
    kilroy                          READ, WRITE
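
As an added example (not from the book), the following Python script parses the smbmap share table from Example 3-22 and lists the shares that grant write access but are not on an approved list, which is the check you would run when auditing your own file servers. The function names and the approved list are assumptions for illustration, and the sample input is the listing above embedded as a constructed string.

```python
import re

# Permission strings as they appear in the Example 3-22 listing.
PERMS = ("NO ACCESS", "READ ONLY", "READ, WRITE")
# Share names may contain spaces and apostrophes, so anchor on the
# permission at the end of the row and take everything before it.
ROW = re.compile(r"^\s*(?P<share>.+?)\s+(?P<perm>"
                 + "|".join(map(re.escape, PERMS)) + r")\s*$")

# Constructed sample: the listing from Example 3-22.
SAMPLE = """\
[+] Finding open SMB ports....
[+] User SMB session established on billthecat...
[+] IP: billthecat:445 Name: billthecat.lan
    Disk                            Permissions
    ----                            -----------
    IPC$                            NO ACCESS
    Macintosh HD                    READ ONLY
    Ric Messier's Public Folder-1   READ, WRITE
    Seagate Backup Plus Drive       READ, WRITE
    kilroy                          READ, WRITE
"""

def parse_shares(output):
    """Return {share_name: permission} from smbmap's share table."""
    shares = {}
    for line in output.splitlines():
        if line.lstrip().startswith("["):  # status lines, not table rows
            continue
        m = ROW.match(line)
        if m:  # header and separator rows carry no permission, so they are skipped
            shares[m.group("share")] = m.group("perm")
    return shares

def unexpected_writable(shares, approved):
    """Shares granting WRITE that are not on the approved list."""
    return sorted(name for name, perm in shares.items()
                  if "WRITE" in perm and name not in approved)

if __name__ == "__main__":
    # Hypothetical policy: only the user's home share should be writable.
    approved = {"kilroy"}
    for name in unexpected_writable(parse_shares(SAMPLE), approved):
        print("review write access:", name)
```
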
Another tool that will look for these SMB shares and other information shared using that protocol is enum4linux. enum4linux is a script that wraps the programs that come with the Samba package, which implements the SMB protocol on Linux. You can also use those programs directly. As an example, you can use smbclient to interact with remote systems. This could include getting a list of the shares just as smbmap does in Example 3-22.