drwxr-xr-x 8 root root 4096 Dec 14 2017 SMB and RPC Enumeration drwxr-xr-x 8 root root 4096 Dec 14 2017 Web Enumeration drwxr-xr-x 8 root root 4096 Dec 14 2017 Linux PrivEsc drwxr-xr-x 8 root root 4096 Jun 15 2021 Linux Commands drwxr-xr-x 8 root root 4096 Feb 24 2022 DDoS SMB TL;DR You can grab and parse these commands from this page using cURL: curl -s https://harfordcda.neocities.org/smb.html | sed 's/<[^>]*>//g ; /^$/d'| tr -s '\n' '\n' | sed -r /^r?$/d > smb.txt

                             _ooOoo_
                            o8888888o
                            88" . "88
                            (| -_- |)
                            O\  =  /O
                         ____/`---'\____
                       .'  \\|     |//  `.
                      /  \\|||  :  |||//  \
                     /  _||||| -:- |||||-  \
                     |   | \\\  -  /// |   |
                     | \_|  ''\---/''  |   |
                     \  .-\__  `-`  ___/-. /
                   ___`. .'  /--.--\  `. . __
                ."" '<  `.___\_<|>_/___.'  >'"".
               | | :  `- \`.;`\ _ /`;.`/ - ` : | |
               \  \ `-.   \_ __\ /__ _/   .-` /  /
          ======`-.____`-.___\_____/___.-`____.-'======
                             `=---='
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Type help for a list of interactive commands.
#################################### RPC & NetBios & SMB commands #################################### #RPC# apt-get install rpcbind rpcinfo -p host rpclient -U "" -N ip rpclient -U "username" [ip] #prompts for password #SMB# #Linux lookup nmblookup -A ip #Windows lookup nbtstat -A ip #Check for shares echo exit | smbclient -L \\\\ip smbclient -L \\ip -U "" #SMB connect with user name smbclient -U user \\\\Server\\Share #From windows cli net use \\ip\ipc$ "" /u:" #SMB with password smbclient \\\\server\\share -U 'username%password' #smbmap smbmap -u username -p password -H ip enum4linux ip #################################### nmap NSE SMB scripts #################################### nmnap --script smb-vuln* -p139,445 ip nmap --script smb-enum-* -p139,445 ip #################################### rcpclient can be used to interact with RPC #################################### querydispinfo and enumdomusers queryuser [0xrid] queryusergroups [0xrid] lookupnames [username] #################################### Brute force SMB login #################################### #Metasploit# sf5 > use auxiliary/scanner/smb/smb_login msf5 auxiliary(scanner/smb/smb_login) > set pass_file wordlist pass_file => wordlist msf5 auxiliary(scanner/smb/smb_login) > set USER_file userlist USER_file => userlist msf5 auxiliary(scanner/smb/smb_login) > set RHOSTS host nmap --script smb-brute -p 445 [ip] hydra -l [username] -P /password/path [ip] smb -t 1