🖥️smbclient

➡️This is a command-line reference manual for commands and command combinations that you don’t use often enough to remember it. This cheatsheet explains the smbclient command with important options and switches using examples.

3 minute read

▁ ▂ ▃ ▄ ꧁ 🔴☠ COMMANDLINE-KUNGFU WITH CHEATSHEETS ☠🔴꧂▅ ▃ ▂ ▁

#                ███████╗███╗   ███╗██████╗  ██████╗██╗     ██╗███████╗███╗   ██╗████████╗
#                ██╔════╝████╗ ████║██╔══██╗██╔════╝██║     ██║██╔════╝████╗  ██║╚══██╔══╝
#                ███████╗██╔████╔██║██████╔╝██║     ██║     ██║█████╗  ██╔██╗ ██║   ██║   
#                ╚════██║██║╚██╔╝██║██╔══██╗██║     ██║     ██║██╔══╝  ██║╚██╗██║   ██║   
#                ███████║██║ ╚═╝ ██║██████╔╝╚██████╗███████╗██║███████╗██║ ╚████║   ██║   
#                ╚══════╝╚═╝     ╚═╝╚═════╝  ╚═════╝╚══════╝╚═╝╚══════╝╚═╝  ╚═══╝   ╚═╝   
                                                                                         
                                                                                         
# To display public shares on the server:
smbclient -L <hostname> -U%

# To connect to a share:
smbclient //<hostname>/<share> -U<username>%<password>

# Copy file to a Windows/Samba share without mounting it -> This commando copies the file (which must reside in the current directory) to //<server>/<share-name>/<subdirectory>/<file> through the CIFS protocol (Samba share or Windows Share). It doesn't require you to mount the filesystem first. --directory "<subdirectory>" may be omitted in order to copy the file the the root of the share. The "%password" part may also be omitted. If doing so, smbclient will ask for the password interactively. To copy a file from a Windows/Samba share, change "put" for "get". smbclient --user=user%password --directory "&lt;subdirectory&gt;" --command "get &lt;file&gt;" //&lt;server&gt;/&lt;share-name&gt; Show Sample Output
smbclient --user=user%password --directory "<subdirectory>" --command "put <file>" //<server>/<share-name>

# List shares on a machine using NULL Session
smbclient -L target-IP

# List shares on a machine using a valid username + password
smbclient -L target-IP -U usernmame%password

# List files on a specific share
smbclient //target-IP/share$ -c 'ls' password -U username

# List files on a specific share folder inside the share
smbclient //target-IP/share$ -c 'cd folder; ls' password -U username

# Download a file from a specific share folder
smbclient //target-IP/share$ -c 'cd folder;get desired_file_name' password -U username

# Copy a file to a specific share folder
smbclient //target-IP/share$ -c 'put /var/www/my_local_file.txt .\target_folder\target_file.txt' password -U username

# Create a folder in a specific share folder
smbclient //target-IP/share$ -c 'mkdir .\target_folder\new_folder' password -U username

# Rename a file in a specific share folder
smbclient //target-IP/share$ -c 'rename current_file.txt new_file.txt' password -U username

# nmap - Enum Users
nmap -p 445 --script smb-enum-users target-IP --script-args smbuser=username,smbpass=password

# nmap - Enum Groups
nmap -p 445 --script smb-enum-groups target-IP --script-args smbuser=username,smbpass=password

# nmap - Enum Shares
nmap -p 445 --script smb-enum-shares target-IP --script-args smbuser=username,smbpass=password

# nmap - OS Discovery
nmap -p 445 --script smb-os-discovery target-IP

# nmap - SMB Vulnerabilities on Windows
nmap -p 445 --script smb-os-discovery target-IP smb-vuln-ms06-025
nmap -p 445 --script smb-os-discovery target-IP smb-vuln-ms07-029
nmap -p 445 --script smb-os-discovery target-IP smb-vuln-ms08-067
nmap -p 445 --script smb-os-discovery target-IP smb-vuln-ms10-054
nmap -p 445 --script smb-os-discovery target-IP smb-vuln-ms10-061
nmap -p 445 --script smb-os-discovery target-IP smb-vuln-ms17-010
-- Always check for updated list on https://nmap.org/nsedoc/scripts/

# map - Brute Force Accounts (be aware of account lockout!)
nmap p 445 --script smb-brute script-args userdb=user-list.txt,passdb=pass-list.txt target-IP

#==============================##==============================#
# CMD SMBCLIENT						       #
#==============================##==============================#

Cheatsheets are an excellent complement to other information sources like Linux man-pages, Linux help, or How-To’s and tutorials, as they provide compact and easily accessible information. While man-pages and detailed tutorials often contain comprehensive explanations and extensive guides, cheatsheets summarize the most important options forthe command smbclient in a clear format. This allows users to quickly access the needed information for smbclient without having to sift through lengthy texts. Especially in stressful situations or for recurring tasks, cheatsheets for smbclient are a valuable resource to work efficiently and purposefully.

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

  █║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌

              ██╗ ██╗ ██████╗  ██████╗ ██╗  ██╗███████╗██████╗
             ████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
             ╚██╔═██╔╝██║  ██║██║   ██║ ╚███╔╝ █████╗  ██║  ██║
             ████████╗██║  ██║██║   ██║ ██╔██╗ ██╔══╝  ██║  ██║
             ╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
              ╚═╝ ╚═╝ ╚═════╝  ╚═════╝ ╚═╝  ╚═╝╚══════╝╚═════╝

               █║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌

░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.