Server Message Block (SMB)
Last updated
Last updated
Server Message Block (SMB) is a mainly used by equipped computers normally used to share files, printers, serial ports, and miscellaneous communications between on a
Definition: Server Message Block (SMB) is a network protocol used for sharing files, printers, and other resources between computers on a network.
Functionality: SMB facilitates communication between devices for file and printer sharing, as well as providing access to shared resources on a network.
Versions: Various versions of SMB exist, with SMB1 being the oldest and less secure, and newer versions (SMB2, SMB3) offering improved security features and performance enhancements.
Port: SMB typically operates over TCP ports 139 and 445, and it allows users to access shared files and resources on a remote server.
Authentication: SMB supports multiple authentication mechanisms, including user names and passwords, making it essential for securing shared network resources.
Vulnerabilities: Historically, SMB has been susceptible to security vulnerabilities, such as the infamous WannaCry ransomware exploiting a flaw in SMB to spread across networks.
Security Features: Newer versions of SMB include enhanced security features, like message signing and encryption, to mitigate vulnerabilities and protect against unauthorized access.
Common Usage: SMB is commonly used in Windows environments for seamless file and printer sharing, but it is also implemented in other operating systems.
Integration: Many network-attached storage (NAS) devices and file servers use SMB to enable easy access and sharing of files within a local network.
Server Message Block (SMB) uses the following ports:
SMB over NetBIOS (Legacy):
Port 137 (UDP) - NetBIOS name service
Port 138 (UDP) - NetBIOS datagram service
Port 139 (TCP) - NetBIOS session service
SMB over TCP/IP:
Port 445 (TCP) - Used for SMB over TCP without NetBIOS.
Enumeration SMB shares within a windows enviroment via net view.
/all Displays detailed information about shared resources, including hidden ones, on the local computer. Administrative shares ends with $.
Enumerate via Nmap
NMAP NSE Scripts
NBTscan is a program for scanning IP networks for NetBIOS name information. It sends NetBIOS status query to each address in supplied range and lists received information in human readable form. For each responded host it lists IP address, NetBIOS computer name, logged-in user name and MAC address (such as Ethernet).
enum4linux
enum4linux will interact with the target SMB server and attempt to extract information such as user names, group names, shares, policies, and other details.
enum4linux: The command name.
-a: An option that tells enum4linux to perform all possible enumeration tasks.
target_ip: The IP address of the target Windows machine with SMB services.
Resources: