SMB Enumeration:

Raghav
3 min read · Sep 27, 2021


SMB (Server Message Block) is a protocol used by Windows-based computers that allows systems within the same network to transfer or share files. It allows computers connected to the same network or domain to access files on other local computers as easily as if they were on the computer's local hard drive.

SMB works on ports 139 and 445.

Port 139: SMB originally ran on top of NetBIOS using port 139. NetBIOS is an older transport layer that allows Windows computers to talk to each other on the same network.

Port 445: later versions of SMB (after Windows 2000) began to use port 445 on top of a TCP stack. Using TCP allows SMB to work over the internet.

smb-os-discovery.nse

Attempts to determine the operating system, computer name, domain, workgroup, and current time over the SMB protocol (ports 445 or 139). This is done by starting a session with the anonymous account (or with a proper user account, if one is given; it likely doesn’t make a difference); in response to a session starting, the server will send back all this information.

script: sudo nmap --script smb-os-discovery <target>

smb2-capabilities.nse

Attempts to list the supported capabilities in a SMBv2 server for each enabled dialect.

script: sudo nmap --script smb2-capabilities <target>

smb2-time.nse

Attempts to obtain the current system date and the start date of a SMB2 server.

script: sudo nmap -p 445,139 --script smb2-time <target>

smb-security-mode.nse

Returns information about the SMB security level determined by SMB.

script: sudo nmap --script smb-security-mode <target>

smb-protocols.nse

Attempts to list the supported protocols and dialects of a SMB server.

script: sudo nmap --script smb-protocols <target>

smb-vuln-ms17-010.nse

Attempts to detect if a Microsoft SMBv1 server is vulnerable to a remote code execution vulnerability (ms17-010, a.k.a. EternalBlue). The vulnerability is actively exploited by WannaCry and Petya ransomware and other malware.

script: sudo nmap --script smb-vuln-ms17-010 <target>

smb-enum-shares.nse

Attempts to list shares.

script: sudo nmap --script smb-enum-shares <target>
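
Added example (not part of the original post): a Python helper that reads saved normal-format Nmap output from the smb-protocols, smb-security-mode and smb-vuln-ms17-010 scripts described above and lists, per host, the findings to remediate first. The sample output, the addresses and the names `triage` and `CHECKS` are constructed for illustration; real input is assumed to be a file saved with Nmap's -oN option.

```python
import re

# Constructed sample of saved Nmap normal output; hosts and values are made up.
SAMPLE = """\
Nmap scan report for 192.0.2.10
Host script results:
| smb-protocols:
|   dialects:
|     NT LM 0.12 (SMBv1) [dangerous, but default]
|_    2.02
| smb-security-mode:
|_  message_signing: disabled (dangerous, but default)
| smb-vuln-ms17-010:
|   VULNERABLE:
|_    State: VULNERABLE

Nmap scan report for 192.0.2.20
Host script results:
| smb-protocols:
|   dialects:
|     3.00
|_    3.11
"""

# (script name, pattern in that script's output, finding to report)
CHECKS = [
    ("smb-protocols", r"SMBv1", "SMBv1 enabled"),
    ("smb-security-mode", r"message_signing:\s*disabled", "SMB signing disabled"),
    ("smb-vuln-ms17-010", r"State:\s*VULNERABLE", "MS17-010 vulnerable"),
]

def triage(report):
    """Return {host: [findings]} for each host in Nmap normal output."""
    results, host, script = {}, None, None
    for line in report.splitlines():
        if m := re.match(r"Nmap scan report for (\S+)", line):
            host, script = m.group(1), None
            results[host] = []
        elif m := re.match(r"\|[ _]([a-z0-9-]+):", line):
            script = m.group(1)  # script header, e.g. "| smb-protocols:"
        elif host:
            for name, pattern, finding in CHECKS:
                if script == name and re.search(pattern, line):
                    results[host].append(finding)
    return results

if __name__ == "__main__":
    for h, found in triage(SAMPLE).items():
        print(h, "->", ", ".join(found) or "no findings")
```

Hosts that report only SMB 2.x/3.x dialects and no flagged lines come back with an empty list, so the output doubles as a record of what was checked and found clean.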
