Network Shares

Unsuspecting users may have placed important documents, or documents containing passwords, on network shares. Shares can also hold .pfx files, which are certificates that can potentially be used for authentication or signing. It is therefore useful to browse every share to find passwords that can be reused later.

ManSpider :

ManSpider is a tool written in Python that browses network shares and extracts different types of information.

# Search for filenames that may contain passwords
manspider 192.168.0.0/24 -f passw password passwd user admin account network login logon cred -d <DOMAIN> -u <USERNAME> -p <PASSWORD>

# Search for XLSX files containing the word "password".
manspider <IP>/<RANGE> -c password -e xlsx -d <DOMAIN> -u <USERNAME> -p <PASSWORD>

# Search for certificates or interesting extensions
manspider <IP>/<RANGE> -e pfx p12 pkcs12 pem key crt cer csr jks keystore keys der -d <DOMAIN> -u <USERNAME> -p <PASSWORD>
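
The filename keywords and extensions from the manspider commands above also work as a cleanup check for whoever owns the share. The following is an added example, not part of the original page or of ManSpider: a Python walker for a locally mounted copy of a share. The `audit_share` name, the text-extension list and the content regex are assumptions of this example.

```python
import os
import re
import sys
import tempfile
from pathlib import Path

# Filename keywords and extensions copied from the manspider commands on this page.
NAME_KEYWORDS = ("passw", "password", "passwd", "user", "admin", "account",
                 "network", "login", "logon", "cred")
KEY_EXTENSIONS = {"pfx", "p12", "pkcs12", "pem", "key", "crt", "cer", "csr",
                  "jks", "keystore", "keys", "der"}
# Assumptions of this example: which files get a content check, and the pattern used.
TEXT_EXTENSIONS = {"txt", "ini", "cfg", "conf", "xml", "ps1", "bat", "cmd"}
CONTENT_RE = re.compile(rb"passw(or)?d\s*[:=]", re.IGNORECASE)
MAX_CONTENT_BYTES = 1_000_000  # skip large files instead of reading them whole


def audit_share(root):
    """Return sorted (reason, relative_path) findings for a mounted share."""
    root = Path(root)
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            ext = path.suffix.lower().lstrip(".")
            if ext in KEY_EXTENSIONS:
                findings.append(("key-material", rel))
            if any(word in name.lower() for word in NAME_KEYWORDS):
                findings.append(("filename", rel))
            if ext in TEXT_EXTENSIONS:
                try:
                    small = path.stat().st_size <= MAX_CONTENT_BYTES
                    if small and CONTENT_RE.search(path.read_bytes()):
                        findings.append(("content", rel))
                except OSError:
                    continue  # unreadable file: nothing to report
    return sorted(findings)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]  # path to a locally mounted share
    else:
        # Constructed sample tree so the script runs with no arguments.
        target = tempfile.mkdtemp()
        Path(target, "web.pfx").write_bytes(b"constructed")
        Path(target, "deploy.ps1").write_text("$Password = 'constructed'\n")
    for reason, rel in audit_share(target):
        print(f"{reason:<13}{rel}")
```

Each finding is a file to move off the share, or a credential or certificate to rotate if it has already been exposed there.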

Crackmapexec :

Crackmapexec can also be used under Linux to browse all network shares:

# Browse C$ share and look for files with the name "password"
cme smb <IP> -u <USERNAME> -p <PASSWORD> --spider C\$ --pattern password

# Browse all shares accessible with the wildcard
cme smb <IP> -u <USERNAME> -p <PASSWORD> --spider "*" --pattern password

# Export shares as CSV file
> cmedb
> export shares Shares.csv 

SMBClient :

smbclient ships with Kali and can be used to access shares on a remote computer.

smbclient -L hostname -U domainname\\username

Recursively download a directory using smbclient:

smbclient '\\server\share'
mask ""
recurse ON
prompt OFF
cd 'path\to\remote\dir'
lcd '~/path/to/download/to/'
mget *

SMBMap :

smbmap is a tool that ships with Kali. It can be used to map shares, but also to execute commands remotely by specifying the '-x' option.

smbmap -H <IP> -d <DOMAIN> -u <USERNAME> -p <PASSWORD>
