In computer networking, Server Message Block (SMB), one version of which was also known as the Common Internet File System (CIFS), operates as an application-layer network protocol used mainly to provide shared access to files, printers and serial ports, and miscellaneous communication between nodes on a network.
Put simply, smbmap scans the directories exposed through SMB shares.
To install it, go to the Ferramentas/Arquivos folder and unpack smbmap-master.zip. Then run:
python3 -m pip install -r requirements.txt
optional arguments:
  -h, --help            show this help message and exit

Main arguments:
  -H HOST               IP of host
  --host-file FILE      File containing a list of hosts
  -u USERNAME           Username, if omitted null session assumed
  -p PASSWORD           Password or NTLM hash
  --prompt              Prompt for a password
  -s SHARE              Specify a share (default C$), ex 'C$'
  -d DOMAIN             Domain name (default WORKGROUP)
  -P PORT               SMB port (default 445)
  -v                    Return the OS version of the remote host
  --admin               Just report if the user is an admin
  --no-banner           Removes the banner from the top of the output

Command Execution:
  Options for executing commands on the specified host

  -x COMMAND            Execute a command ex. 'ipconfig /all'
  --mode CMDMODE        Set the execution method, wmi or psexec, default wmi

Shard drive Search:
  Options for searching/enumerating the share of the specified host(s)

  -L                    List all drives on the specified host, requires ADMIN rights.
  -R [PATH]             Recursively list dirs, and files (no share\path lists ALL shares), ex. 'C$\Finance'
  -r [PATH]             List contents of directory, default is to list root of all shares, ex. -r 'C$\Documents and Settings\Administrator\Documents'
  -A PATTERN            Define a file name pattern (regex) that auto downloads a file on a match (requires -R or -r), not case sensitive, ex '(web|global).(asax|config)'
  -g FILE               Output to a file in a grep friendly format, used with -r or -R (otherwise it outputs nothing), ex -g grep_out.txt
  --csv FILE            Output to a CSV file, used with -r or -R (otherwise it outputs nothing), ex --csv shares.csv
  --dir-only            List only directories, ommit files.
  --no-write-check      Skip check to see if drive grants WRITE access.
  -q                    Quiet verbose output. Only shows shares you have READ or WRITE on, and suppresses file listing when performing a search (-A).
  --depth DEPTH         Traverse a directory tree to a specific depth. Default is 5.
  --exclude SHARE [SHARE ...]
                        Exclude share(s) from searching and listing, ex. --exclude ADMIN$ C$'

File Content Search:
  Options for searching the content of files (must run as root), kind of experimental

  -F PATTERN            File content search, -F '[Pp]assword' (requires admin access to execute commands, and PowerShell on victim host)
  --search-path PATH    Specify drive/path to search (used with -F, default C:\Users), ex 'D:\HR\'
  --search-timeout TIMEOUT
                        Specifcy a timeout (in seconds) before the file search job gets killed. Default is 300 seconds.

Filesystem interaction:
  Options for interacting with the specified host's filesystem

  --download PATH       Download a file from the remote system, ex.'C$\temp\passwords.txt'
  --upload SRC DST      Upload a file to the remote system ex. '/tmp/payload.exe C$\temp\payload.exe'
  --delete PATH TO FILE
                        Delete a remote file, ex. 'C$\temp\msf.exe'
  --skip                Skip delete file confirmation prompt
To list the files recursively:
python3 smbmap.py -H 10.10.202.212 -R
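As an added example, not part of the original page or of the smbmap project, the small parser below turns the share listing smbmap prints (one "[+] IP:" header per host followed by a Disk / Permissions / Comment table) into an inventory of shares that the tested session can write to, and flags hosts where the administrative shares (C$, ADMIN$) are writable, which is what the --admin option reports. The exact column layout and the sample lines are constructed assumptions, not output captured from a real host.

```python
import re
from typing import Dict, List

# Constructed sample of smbmap's share listing (assumed layout, not captured
# from a real host): a header per host, then one line per share.
SAMPLE_OUTPUT = """\
[+] IP: 192.0.2.10:445\tName: fileserver.example.test
        Disk                                                  \tPermissions\tComment
\t----                                                  \t-----------\t-------
\tADMIN$                                            \tNO ACCESS\tRemote Admin
\tC$                                                \tREAD, WRITE\tDefault share
\tIPC$                                              \tREAD ONLY\tRemote IPC
\tPublic                                            \tREAD, WRITE\tDrop folder
[+] IP: 192.0.2.11:445\tName: printsrv.example.test
        Disk                                                  \tPermissions\tComment
\t----                                                  \t-----------\t-------
\tprint$                                            \tREAD ONLY\tPrinter Drivers
\tScans                                             \tWRITE ONLY\tScanner output
"""

HOST_RE = re.compile(r"^\[\+\] IP: (\d{1,3}(?:\.\d{1,3}){3}):\d+")
# Share names containing spaces are not handled by this simple pattern.
SHARE_RE = re.compile(
    r"^\s*(\S+)\s+(NO ACCESS|READ ONLY|WRITE ONLY|READ, WRITE)\s*(.*)$")


def parse_shares(output: str) -> Dict[str, Dict[str, str]]:
    """Map each host IP to {share_name: permissions} from smbmap's listing."""
    shares: Dict[str, Dict[str, str]] = {}
    host = None
    for line in output.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            shares[host] = {}
            continue
        m = SHARE_RE.match(line)
        if m and host is not None:
            shares[host][m.group(1)] = m.group(2)
    return shares


def writable_shares(shares: Dict[str, Dict[str, str]]) -> List[str]:
    """Return 'ip\\share' for every share the session was granted WRITE on."""
    return sorted(f"{ip}\\{name}" for ip, perms in shares.items()
                  for name, p in perms.items() if "WRITE" in p)


def admin_hosts(shares: Dict[str, Dict[str, str]]) -> List[str]:
    """Hosts where C$ or ADMIN$ is writable, i.e. the account is a local admin."""
    return sorted(ip for ip, perms in shares.items()
                  if any("WRITE" in perms.get(s, "") for s in ("C$", "ADMIN$")))
```

Feed it the stdout of a run such as the one above (redirected to a file) to get a remediation list of shares that grant WRITE to the account used, rather than reading the table by eye.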