List of commands
smb: \> help ? allinfo altname archive backup blocksize cancel case_sensitive cd chmod chown close del deltree dir du echo exit get getfacl geteas hardlink help history iosize lcd link lock lowercase ls l mask md mget mkdir more mput newer notify open posix posix_encrypt posix_open posix_mkdir posix_rmdir posix_unlink posix_whoami print prompt put pwd q queue quit readlink rd recurse reget rename reput rm rmdir showacls setea setmode scopy stat symlink tar tarmode timeout translate unlock volume vuid wdel logon listconnect showconnect tcon tdis tid utimes logoff .. ! smb: \>
SMBv2
# smbclient -m SMB2 //10.10.113.169/C -U Administrator
Enter WORKGROUP\Administrator's password:
Try "help" to get a list of possible commands.
smb: \> dir
$Recycle.Bin DHS 0 Sat Sep 15 14:19:00 2018
Documents and Settings DHSrn 0 Thu Jan 21 10:19:56 2021
pagefile.sys AHS 1073741824 Tue Feb 16 08:38:41 2021
PerfLogs D 0 Sat Sep 15 14:19:00 2018
Program Files DR 0 Thu Jan 21 07:57:54 2021
Program Files (x86) D 0 Thu Jan 21 07:57:05 2021
ProgramData DH 0 Tue Jan 26 21:36:44 2021
Recovery DHSn 0 Thu Jan 21 10:20:00 2021
Sysmon DHS 0 Wed Jan 27 01:07:41 2021
System Volume Information DHS 0 Thu Jan 21 10:19:32 2021
Tools D 0 Fri Jan 22 02:40:42 2021
Users DR 0 Thu Jan 21 07:57:02 2021
Windows D 0 Tue Jan 26 23:35:51 2021
5101823 blocks of size 4096. 2320221 blocks available
smb: \>
Example
root@X220:~# smbclient -L //10.10.161.243
Enter WORKGROUP\root's password:
Sharename Type Comment
--------- ---- -------
ADMIN$ Disk Remote Admin
C$ Disk Default share
IPC$ IPC Remote IPC
nt4wrksv Disk
SMB1 disabled -- no workgroup available
root@X220:~# smbclient //10.10.161.243/nt4wrksv
Enter WORKGROUP\root's password:
Try "help" to get a list of possible commands.
smb: \> ls
. D 0 Sun Jul 26 04:46:04 2020
.. D 0 Sun Jul 26 04:46:04 2020
passwords.txt A 98 Sat Jul 25 22:15:33 2020
7735807 blocks of size 4096. 4943723 blocks available
smb: \> get passwords.txt
getting file \passwords.txt of size 98 as passwords.txt (0.0 KiloBytes/sec) (average 0.0 KiloBytes/sec)
smb: \>
Yet another example
# smbclient -L //10.10.114.42
Enter WORKGROUP\root's password:
Sharename Type Comment
--------- ---- -------
ADMIN$ Disk Remote Admin
C$ Disk Default share
Docs Disk
IPC$ IPC Remote IPC
NETLOGON Disk Logon server share
SYSVOL Disk Logon server share
Users Disk Users Share. Do Not Touch!
SMB1 disabled -- no workgroup available
e# smbclient //10.10.114.42/Users
Enter WORKGROUP\root's password:
Try "help" to get a list of possible commands.
smb: \> ls
. DR 0 Fri Mar 12 09:11:49 2021
.. DR 0 Fri Mar 12 09:11:49 2021
Administrator D 0 Fri Mar 12 04:55:48 2021
All Users DHSrn 0 Sat Sep 15 14:28:48 2018
atlbitbucket D 0 Fri Mar 12 05:53:06 2021
bitbucket D 0 Fri Mar 12 09:11:51 2021
Default DHR 0 Fri Mar 12 07:18:03 2021
Default User DHSrn 0 Sat Sep 15 14:28:48 2018
desktop.ini AHS 174 Sat Sep 15 14:16:48 2018
LAB-ADMIN D 0 Fri Mar 12 07:28:14 2021
Public DR 0 Fri Mar 12 04:27:02 2021
15587583 blocks of size 4096. 9635271 blocks available
smb: \>
Practice
>>> THM | Relevant