SAMBA – SCANNING AND BANNER GRABBING

So you’ve run Nmap and found ports 137-139 or 445 open. Nmap will likely report NetBIOS as the service and Samba as the version.

BANNER GRABBING WITH SMBCLIENT

Banner grabbing is essentially getting more information about the technology and software versions behind the application you are attempting to exploit.

To attempt a banner grab using smbclient, enter the following into the terminal:

smbclient -L //IP.Ad.dr.ess

This will then prompt you for a password. Press return if you suspect there is no password.

smbclient -L //IP.Ad.dr.ess -N

The -N indicates that you do not have a root user and will attempt to connect.


NMAP SCRIPT TO SCAN FOR SMB INFORMATION

The following script allows you to scan the file share to discover more about the hardware and software on which it is running.

Download the script from here:

https://nmap.org/nsedoc/scripts/smb-os-discovery.html

Drop the script into the Nmap script directory:

/usr/share/nmap/scripts

Execute the following command in the terminal:

nmap --script smb-os-discovery.nse -p 445 IP.Ad.dr.ess

Remember to change the -p port to the port number of the Samba share.

The script is not guaranteed to work, so do not assume that it will. I have found it will work on NetBIOS / Samba on some targets, but by no means all of them.
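When the scan covers several hosts you administer, the smb-os-discovery results can be turned into a version inventory, with the hosts where the script returned nothing listed separately. The following is an added example, not part of the original post: the sample output is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of Nmap's normal output (documentation-range addresses,
# made-up values). The second host returned no script results.
SAMPLE = """\
Nmap scan report for 192.0.2.10
445/tcp open  microsoft-ds

Host script results:
| smb-os-discovery: 
|   OS: Windows 6.1 (Samba 4.3.11-Ubuntu)
|   Computer name: fileserver
|   FQDN: fileserver.example.test
|_  System time: 2018-04-27T16:38:35+01:00

Nmap scan report for 192.0.2.11
445/tcp open  microsoft-ds
"""

FIELD_RE = re.compile(r"^\|[_ ]\s+([^:]+): (.*)$")

def parse_smb_os_discovery(text):
    """Return {host: {field: value}}; a host with no script output maps to {}."""
    results, host, in_script = {}, None, False
    for line in text.splitlines():
        if line.startswith("Nmap scan report for "):
            host, in_script = line.split()[-1].strip("()"), False
            results[host] = {}
        elif host and line.startswith("| smb-os-discovery:"):
            in_script = True
        elif host and in_script:
            field = FIELD_RE.match(line)
            if field:
                results[host][field.group(1).strip()] = field.group(2).strip()
            # Stop at the last script line ("|_") or anything that is not a field.
            in_script = bool(field) and not line.startswith("|_")
    return results

def samba_version(fields):
    """Pull the Samba version out of the OS field, or None if it is absent."""
    m = re.search(r"Samba ([\w.\-]+)", fields.get("OS", ""))
    return m.group(1) if m else None

def unanswered(results):
    """Hosts where the script printed nothing; check these another way."""
    return sorted(h for h, f in results.items() if not f)

if __name__ == "__main__":
    for host, fields in parse_smb_os_discovery(SAMPLE).items():
        print(host, samba_version(fields) or "no smb-os-discovery output")
```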
