SMB Enumeration

write the code for each step please I just need the codes

SMB - A protocol for sharing files, printers, serial ports, and communications abstractions such as named pipes and mail connections between computers

Check for SMB services using nmap and the ports used for SMB (139 and 445) on the 172.16.250.subnet.

To scan a group of address format is 132.54.0.100-120 or 132.54.10-13,100-120 or 132.54.10, 13, 120 .

To scan group of ports, use the format p 10-100 or p 24,345

As it may be easier to read the output in a file, you can use the oG switch and an file name to port output to a grep readable file or you can use standard out redirection.

From the above you can see which server may use SMB using that server. There may be more than one.

List all the servers by IP which may be SMB servers.

Enum4linux is a tool for enumerating information. It can provide information such as

User listing

Listing of group membership information

Share enumeration

Enum4linux doesnt have man pages but does provide a help page similar to a man page, think about putting this help output in a file you can use for reference. As with most tools there are many switchesLook for one that provides

all simple enumeration

(b)Users

NOTE: Some servers may not allow smb enumeration, remember the discussion about Null-Session.

This provides a lot of data, so you may want to direct it to a file.

Review the file, search for user and service info

What does enum4linux do?

What useful information is available in the file? Remember this may only be a piece of the puzzle.

There are almost always alternate ways to obtain information. See below.

There are prewritten nmap scripts located at usr/share/nmap/scripts on Kali. These scripts provide prewritten scans.

Review all the scripts and then use a filter with the ls command to find only files for smb.

NOTE: Some servers may not allow smb enumeration, remember the discussion about Null-Session.

Scan a different server from the one you used enum4linux on.

Using the format in nmap script= run some of the more interesting scripts to see what you get, remember the focus of the lab. Again, you may want to direct this to a file,

Try scripts that provide user, share and OS info.

Do all servers that use SMB allow access? If any of the SMB server dont allow emumeration, What do you think are the reason?

What users are available on this system that allows SMB enumeration?

What shares are available?

What is the OS of this system?

SMTP Enumeration

SMTP servers are misconfigured all the time and so is a good place to get information

SMTP support many interesting commands:

IBM SMTP Commands Site

ehlo provides you a list of commands a server supports

VRFY ask the server to verify email address, however this generally requires a fully qualified address, such as jdoe@google.com

Locate the mail server on our network and use netcat (nc nv port) or telnet to create a session with it. telnet works just as netcat as you need to provide the server IP and the port.

d)List what services the server supports and try to verify any users email address from user information you have gathered from previous section of the lab. Try an fake name.

Review the overall lab and reflex on the process. Write a brief paragraph on the process you went through in this lab and what the significant of the information you obtained, specifically how it can be used to continue your testing.