# Server Message Block Microsoft protocol for sharing files on the local network. It usually relies on NetBIOS for data transport. Uses TCP port 445. If used with NetBIOS the following ports are also used (by NetBIOS): 137, 138, 139. Samba is a popular SMB server for linux which also includes the `smbclient` utility which can be used to connect to a share. For setup instructions for RaspberryPi see [[Setting Up Samba on Raspberry Pi (Not in Docker)]]. Nmap identifies some SMB servers as `microsoft-ds`. [[Impacket#`psexec`|Impacket's psexec script]] can be used to obtain a reverse shell if the user has access to the `ADMIN share. `smbmap` will provide a nice overview of user shares. Example use: ```sh smbmap -u <USERNAME> -p <PASSWORD> -H <HOST> ``` ## Impacket Server ![[Impacket#`smbserver`]] ## Linux Client CLI To list shares on a host use `-L`: ```sh smbclient -L <IP address> ``` Shares with names ending with ` are called administrative shares. To skip password authentication use `-N`. SMB always requires a username. If one is not specified using `-U`, `smbclient` will default to using the username of the current user.[^1] To start an interactive SMB session enter the server address and share name: ```sh smbclient //<IP Address>/<ShareName>/ ``` Once you have a session you can use `ls`, `pwd`, `cd`, and `get` to navigate to directories and get files. [^1]: [[Dancing Write-up#^n98gu9]] ## Hack The Box Machines - [[Dancing Write-up|Dancing]] - [[Tactics Write-Up|Tactics]] - [[Archetype Write-up|Archetype]]