Good material for exploiting SMB?

Hi there, I was wondering if anyone has good material where I can learn how to exploit SMB correctly. It’s popped up once or twice for me now and I’ve tended to avoid it, looking for other ways to exploit machines, however i’d like to change that and make it a strength!

If you could post some good links for material, or even tips on things to look out for then i’d really appreciate it!


Some good tools to check out:

impacket (GetUserSPNs and a couple other tools are useful to know)

Use what you can to enumerate available shares, see if you can connect to any anonymously. Poke around all available options and see if you can get any useful information, ssh keys, login credentials, etc.

I’m certainly no expert and I’m sure there’s a lot more to know abut this stuff, but I’ve learned a decent amount about this stuff recently and it’s been helpful.

nullinux is another good SMB enum tool

@Skunkfoot Thanks for the info, I played around with enum4linux yesterday, and i’ll definitely give those other tools a look! Thanks!

@jamesa Cheers for the link, I’ll have a play with that this evening!

Check out the impacket library, the ntlmrelax and smbrelay examples are very useful in exploits against SMB. Inveigh is a nice PowerShell based tool thats useful for SMB/NTLM based attacks.

@wshepherd thanks! I’ll have a look!

Awesome thanks for the nice tips on where to and what to use. ?