SMBSpider

Description

Smbspider is a pretty smart when it comes to spidering Windows systems on internal networks. Once you get your hands on some credentials, you can pass them around with smbspider to try spidering systems that the user account has access to.

In many cases, you’ll end up quickly finding all types of sensitive data hanging out on employees’ workstations.

Usage

Syntax

smbspider <OPTIONS>

Options

 Target(s) (required): 

	 -h <host>	 Provide IP address or a text file containing IPs.
			 Supported formats: IP, smb://ip/share, \\ip\share\

 Credentials (required): 

	 -u <user>	 Specify a valid username to authenticate to the system(s).
	 -p <pass>	 Specify the password which goes with the username.
	 -P <hash>	 Use -P to provide password hash if cleartext password isn't known.
	 -d <domain>	 If using a domain account, provide domain name.

 Shares (optional):

	 -s <share>	 Specify shares (separate by comma) or specify "profile" to spider user profiles.
	 -f <file>	 Specify a list of shares from a file.

 Other (optional):

	 -w 		 Avoid verbose output. Output successful spider results to smbspider_host_share_user.txt.
			 This option is HIGHLY recommended if numerous systems are being scanned.
	 -n 		 ** Ignore authentication check prior to spidering.
	 -g <file> 	 Grab (download) files that match strings provided in text file. (Case sensitive.)
			 ** Examples: *assword.doc, *assw*.doc, pass*.xls, etc.

Example

cyborg@cyborg:~$ sudo smbspider -h 192.168.1.17 -u #####-p *******

OR

cyborg@cyborg:~$ sudo smbspider -h ip.txt -u #####-p *******
[sudo] password for cyborg: 

 ********************************************************
 *     		        _     				*
 *    		       | |       //  \\			* 
 *	  ___ _ __ ___ | |__    _\\()//_		*
 *	 / __| '_ ` _ \| '_ \  / //  \\ \ 		*
 *	 \__ \ | | | | | |_) |   |\__/|			*
 *	 |___/_| |_| |_|_.__/				*
 *							*
 * SMB Spider v2.4, Alton Johnson (alton.jx@gmail.com) 	*
 ********************************************************

 [*] Spidering 1 system(s)...

 [*] Attempting to spider smb://192.168.1.7/<user profiles> 
 [*] \\192.168.1.17\C$\Users\Administrator\Documents\1.png
 [*] \\192.168.1.17\C$\Users\Administrator\Documents\2.png
 [*] \\192.168.1.17\C$\Users\Administrator\Documents\3.png
 [*] \\192.168.1.17\C$\Users\Administrator\Documents\4.png
 [*] \\192.168.1.17\C$\Users\Administrator\Documents\5.png
 [*] \\192.168.1.17\C$\Users\Administrator\Documents\6.png




		
		
0 Comments

Leave a reply

CONTACT US

We're are building as a community and a team. Be a part of it.

Sending

©2017 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?