# smbclient

```bash
smbclient //$IP/$SHARE -U $USER -p $PORT
```

- `-I` - IP address to connect to
- `-U` - username to use for the connection
- `-P` - password to use for the connection
- `-N` - attempt to connect without a password
- `-W` - domain (or workgroup) to use for the connection
- `-p` - connect to a non-standard port
- `-c` - attempt to execute the supplied command (!!!) on the server (if the user you're connecting as has permission to do so)

The `-p` directive is only necessary when working over a non-standard port (i.e., *not* 445).

If `-U` is not included, smbclient will use your current (local) username, so it is usually best to specify a username explicitly. If a password needs to be sent, specify the user as `${USER}%${PASSWORD}`.

The interface is reminiscent of old-school [[FTP]] clients.

## Reconnaissance

Samba services can be enumerated with smbclient using:

```bash
smbclient -L $SERVER_NAME -I $IP_ADDRESS
```

Here `$SERVER_NAME` is the machine's NetBIOS domain name, which can be found with [[enum4linux]].
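
An added example (not part of the original page): a small parser for the share listing that `smbclient -L` returns, for auditing which shares a host advertises. It assumes smbclient's `-g` (grepable) output option, which this page does not cover; the function names and the sample listing are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: summarise `smbclient -L ... -g` output for a share-exposure audit.
# Real use (server name and address are placeholders), here with a null session:
#   smbclient -L "$SERVER_NAME" -I "$IP_ADDRESS" -N -g | listed_disk_shares

# Constructed sample of grepable output: Type|Name|Comment, one share per line,
# plus one non-record line of the kind smbclient can mix into its output.
SAMPLE_LISTING='Disk|print$|Printer Drivers
Disk|public|Team drop box
Disk|Finance Reports|Quarterly | yearly
IPC|IPC$|IPC Service (constructed sample)
Printer|lobby-laser|
session setup failed: NT_STATUS_LOGON_FAILURE'

# Reads listing lines on stdin and prints "type<TAB>name<TAB>class".
# class is "hidden" when the name ends in "$", otherwise "listed".
summarize_shares() {
  # The last variable absorbs any further "|" that appears inside the comment.
  while IFS='|' read -r kind name comment; do
    case "$kind" in
      Disk|IPC|Printer) ;;   # genuine share records
      *) continue ;;         # banners, errors, blank lines
    esac
    [ -n "$name" ] || continue
    case "$name" in
      *'$') class=hidden ;;
      *)    class=listed ;;
    esac
    printf '%s\t%s\t%s\n' "$kind" "$name" "$class"
  done
}

# Disk shares that are not hidden: review their permissions first.
listed_disk_shares() {
  summarize_shares | awk -F'\t' '$1 == "Disk" && $3 == "listed" { print $2 }'
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LISTING" | listed_disk_shares
```

Any disk share that appears in the output of a `-N` listing is visible without credentials and is a candidate for tighter access controls.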