Interacting with SMB

Windows

Using GUI

[windows]+R
paste \\192.168.220.129\Finance\

Using CMD

Using DIR command

C:\htb> dir \\192.168.220.129\Finance\

Connecting using net use

C:\htb> net use n: \\192.168.220.129\Finance
C:\htb> net use n: \\192.168.220.129\Finance /user:plaintext Password123

Counting how many files

C:\htb> dir n: /a-d /s /b | find /c ":\"

Finding filenames

C:\htb>dir n:\*cred* /s /b

n:\Contracts\private\credentials.txt

Finding files with keywords

c:\htb>findstr /s /i cred n:\*.*

n:\Contracts\private\secret.txt:file with all credentials
n:\Contracts\private\credentials.txt:admin:SecureCredentials!

Using PowerShell

Get-ChildItem command

PS C:\htb> Get-ChildItem \\192.168.220.129\Finance\

    Directory: \\192.168.220.129\Finance

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d-----         2/23/2022   3:27 PM                Contracts

New-PSDrive Command

PS C:\htb> New-PSDrive -Name "N" -Root "\\192.168.220.129\Finance" -PSProvider "FileSystem"

Name           Used (GB)     Free (GB) Provider      Root                                               CurrentLocation
----           ---------     --------- --------      ----                                               ---------------
N                                      FileSystem    \\192.168.220.129\Finance

PS C:\htb> $username = 'plaintext'
PS C:\htb> $password = 'Password123'
PS C:\htb> $secpassword = ConvertTo-SecureString $password -AsPlainText -Force
PS C:\htb> $cred = New-Object System.Management.Automation.PSCredential $username, $secpassword
PS C:\htb> New-PSDrive -Name "N" -Root "\\192.168.220.129\Finance" -PSProvider "FileSystem" -Credential $cred

Name           Used (GB)     Free (GB) Provider      Root                                                              CurrentLocation
----           ---------     --------- --------      ----                                                              ---------------
N                                      FileSystem    \\192.168.220.129\Finance

Counting how many files

PS C:\htb> N:
PS N:\> (Get-ChildItem -File -Recurse | Measure-Object).Count

Finding filenames

PS C:\htb> Get-ChildItem -Recurse -Path N:\ -Include *cred* -File

Finding files with keywords

PS C:\htb> Get-ChildItem -Recurse -Path N:\ | Select-String "cred" -List

Linux

Mounting with username and password

$ sudo apt install cifs-utils
$ sudo mkdir /mnt/Finance
$ sudo mount -t cifs -o username=plaintext,password=Password123,domain=. //192.168.220.129/Finance /mnt/Finance

Mounting with credential file

$ cat credentialfile

username=plaintext
password=Password123
domain=.

$ mount -t cifs //192.168.220.129/Finance /mnt/Finance -o credentials=/path/credentialfile

Finding Filenames

$ find /mnt/Finance/ -name *cred*

Finding Files with keywords

$ grep -rn /mnt/Finance/ -ie cred

PreviousSMB (137,138,139,445)NextSNMP (161,162)

Last updated 2 years ago

hashtagWindows

hashtagUsing GUI

hashtagUsing CMD

hashtagUsing DIR command

hashtagConnecting using net use

hashtagCounting how many files

hashtagFinding filenames

hashtagFinding files with keywords

hashtagUsing PowerShell

hashtagGet-ChildItem command

hashtagNew-PSDrive Command

hashtagCounting how many files

hashtagFinding filenames

hashtagFinding files with keywords

hashtagLinux

hashtagMounting with username and password

hashtagMounting with credential file

hashtagFinding Filenames

hashtagFinding Files with keywords

Windows

Using GUI

Using CMD

Using DIR command

Connecting using net use

Counting how many files

Finding filenames

Finding files with keywords

Using PowerShell

Get-ChildItem command

New-PSDrive Command

Counting how many files

Finding filenames

Finding files with keywords

Linux

Mounting with username and password

Mounting with credential file

Finding Filenames

Finding Files with keywords