Interacting with SMB

Windows

Using GUI

• [windows]+R

• paste \\192.168.220.129\Finance\

Using CMD

Using DIR command

C:\htb> dir \\192.168.220.129\Finance\

Connecting using net use

C:\htb> net use n: \\192.168.220.129\Finance
C:\htb> net use n: \\192.168.220.129\Finance /user:plaintext Password123

Counting how many files

C:\htb> dir n: /a-d /s /b | find /c ":\"

Finding filenames

C:\htb>dir n:\*cred* /s /b

n:\Contracts\private\credentials.txt

Finding files with keywords

c:\htb>findstr /s /i cred n:\*.*

n:\Contracts\private\secret.txt:file with all credentials
n:\Contracts\private\credentials.txt:admin:SecureCredentials!

Using PowerShell

Get-ChildItem command

PS C:\htb> Get-ChildItem \\192.168.220.129\Finance\

    Directory: \\192.168.220.129\Finance

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d-----         2/23/2022   3:27 PM                Contracts

New-PSDrive Command

PS C:\htb> New-PSDrive -Name "N" -Root "\\192.168.220.129\Finance" -PSProvider "FileSystem"

Name           Used (GB)     Free (GB) Provider      Root                                               CurrentLocation
----           ---------     --------- --------      ----                                               ---------------
N                                      FileSystem    \\192.168.220.129\Finance

PS C:\htb> $username = 'plaintext'
PS C:\htb> $password = 'Password123'
PS C:\htb> $secpassword = ConvertTo-SecureString $password -AsPlainText -Force
PS C:\htb> $cred = New-Object System.Management.Automation.PSCredential $username, $secpassword
PS C:\htb> New-PSDrive -Name "N" -Root "\\192.168.220.129\Finance" -PSProvider "FileSystem" -Credential $cred

Name           Used (GB)     Free (GB) Provider      Root                                                              CurrentLocation
----           ---------     --------- --------      ----                                                              ---------------
N                                      FileSystem    \\192.168.220.129\Finance

Counting how many files

PS C:\htb> N:
PS N:\> (Get-ChildItem -File -Recurse | Measure-Object).Count

Finding filenames

PS C:\htb> Get-ChildItem -Recurse -Path N:\ -Include *cred* -File

Finding files with keywords

PS C:\htb> Get-ChildItem -Recurse -Path N:\ | Select-String "cred" -List

Linux

Mounting with username and password

$ sudo apt install cifs-utils
$ sudo mkdir /mnt/Finance
$ sudo mount -t cifs -o username=plaintext,password=Password123,domain=. //192.168.220.129/Finance /mnt/Finance

Mounting with credential file

$ cat credentialfile

username=plaintext
password=Password123
domain=.

$ mount -t cifs //192.168.220.129/Finance /mnt/Finance -o credentials=/path/credentialfile

Finding Filenames

$ find /mnt/Finance/ -name *cred*

Finding Files with keywords

$ grep -rn /mnt/Finance/ -ie cred