smbmap -R doesn't list all dirs (missing Groups)

I am doing Active and ran this command, but the Groups dir was not enumerated:

smbmap -H 10.10.10.100 -R Replication
…snip…
.\Replication\active.htb\Policies{31B2F340-016D-11D2-945F-00C04FB984F9}\MACHINE\Preferences*
dr–r–r-- 0 Sat Jul 21 06:37:44 2018 .
dr–r–r-- 0 Sat Jul 21 06:37:44 2018 …
dr–r–r-- 0 Sat Jul 21 06:37:44 2018 Groups
…snip…

IPPSec ran the same thing but it returned the Groups dir with the groups.xml file shown.

I checked it with smbclient and Groups is accessible and groups.xml is there.

smb: \active.htb\Policies{31B2F340-016D-11D2-945F-00C04FB984F9}\MACHINE\Preferences\Groups> ls
. D 0 Sat Jul 21 06:37:44 2018
… D 0 Sat Jul 21 06:37:44 2018
Groups.xml A 533 Wed Jul 18 16:46:06 2018

I did notice that my output looks different from IPPSec’s:
.\active.htb\Policies… (IPPSec)
.\Replication\active.htb\Policies… (mine)

Anyone know why our output looks different and why all of the dirs are not recursively listed?

I found your question because I was experiencing the same issue. This may be an issue with smbmap limiting the -R recursive option to only 5 levels. When I ran ‘smbmap -H 10.10.10.100 -R Replication/active.htb’ the groups.xml file does indeed show up. I’m not sure if this is a change in the newest version of smbmap or if there is a flag to set to drill down further. Either way this is a good thing to know. I will likely write a short script to assist with ensuring all smbmap results are displayed in the future.

Glad it wasn’t just me, thanks! I thought I tried the same thing but now that I think about it I originally left -R blank to search through all dirs and then tested -R Replication to see if it drilled down farther and I don’t think it did. I also thought there had to be a flag but I looked and couldn’t find it.

I realise this is old but just for future students I found that adding a depth flag makes it work: --depth 10