Enumerate Shares (SMB/CIFS)

Enumerate Windows shares and their permissions (see also exploit/windows/shares for tips on exploiting shares).


smbclient

smbclient -L //[HOST]

In order to find out a share permission, try to connect to the desired share. Do not specify any username or password to authenticate with a null session.

smbclient //[HOST]/[SHARE] -U [USERNAME]@[DOMAIN]
Result Description
smb: \> Connected, you have at least READ access.
NT_STATUS_ACCESS_DENIED NO ACCESS

If connected, try to write a file on the remote file system to check for WRITE access:

smb: \> put test.txt
smb: \> ls test.txt

If successful, don’t forget to remove the file:

smb: \> rm test.txt

smbmap

smbmap.py -H [HOST] -u [USERNAME] -p [PASSWORD] -d [DOMAIN]

Do not provide any username or password to authenticate with a null session.

crackmapexec

crackmapexec [HOST/CIDR] -u [USERNAME] -p [PASSWORD] -d [DOMAIN] --shares

Use -u '' -p '' to authenticate with a null session.

Specify a network range to enumerate shares on multiple hosts or specify a file containing a list of targets.