-I
— IP address to connect to-U
— username to use for the connection-P
— password to use for the connection-N
— attempt to connect without a password-W
— domain (or workgroup) to use for the connection-p
— connect to a non-standard port-c
— attempt to execute the supplied command (!!!) on the server (if the user you’re connecting as has permission to do so)
The -p
directive is only necessary if working over a non-standard port (e.g., not 445).
If -U
is not included, smbclient will use your current (local) username, so probably best to fill something else in. If a password needs to be sent, specify the user as ${USER}%${PASSWORD}
.
The interface is reminiscent of old-school FTP clients.
Reconnaissance
Samba services can be enumerated by smbclient using:
Here $SERVER_NAME
is the machine’s NetBIOS domain name, which can be found with enum4linux.