smbclient

How to use smbclient
smbclient //$IP/$SHARE -U $USER -p $PORT
-I — IP address to connect to

-U — username to use for the connection

-P — password to use for the connection

-N — attempt to connect without a password

-W — domain (or workgroup) to use for the connection

-p — connect to a non-standard port

-c — attempt to execute the supplied command (!!!) on the server (if the user you’re connecting as has permission to do so)

The -p directive is only necessary if working over a non-standard port (e.g., not 445).

If -U is not included, smbclient will use your current (local) username, so probably best to fill something else in. If a password needs to be sent, specify the user as ${USER}%${PASSWORD}.

The interface is reminiscent of old-school FTP clients.
Link to original

Reconnaissance

How to enumerate services and shares using smbclient
Samba services can be enumerated by smbclient using:
smbclient -L $SERVER_NAME -I $IP_ADDRESS
Here $SERVER_NAME is the machine’s NetBIOS domain name, which can be found with enum4linux.
Link to original

Cardboard Iguana Security

Explorer

smbclient

How to use smbclient

Reconnaissance

How to enumerate services and shares using smbclient

Graph View

Backlinks