Published on January 17, 2025
The Server Message Block (SMB) protocol is a network protocol used for sharing files, printers, and resources between devices. Operating over TCP port 445, SMB is deeply integrated into Windows environments and often coupled with Active Directory. While crucial for resource sharing, SMB has a history of vulnerabilities, including those exploited by attacks like EternalBlue.
NetBIOS (Network Basic Input/Output System) is a session-layer protocol facilitating communication between devices on local networks. It uses UDP ports 137 and 138, as well as TCP port 139. While modern SMB implementations can operate without NetBIOS, it remains enabled in many environments for backward compatibility.
Nmap is a versatile tool for enumerating SMB and NetBIOS services. Here are some useful commands:
nmap -v -p 139,445 <target-IP-range>
nmap --script smb-os-discovery -p 139,445 <target-IP>
nmap --script smb-enum-shares -p 445 <target-IP>
nbtscan is a specialized tool for querying NetBIOS services and retrieving valuable information like NetBIOS names:
sudo nbtscan -r <target-subnet>
Example Output:
IP address       NetBIOS Name     Server
192.168.50.124   SAMBA            <server>
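Tools such as nbtscan read these names from a NetBIOS node status (NBSTAT) reply on UDP 137. The following added example (not part of the original article and not nbtscan's code) parses such a reply following the RFC 1002 layout, where name suffix 0x20 marks the file server service. The function names and the sample reply, including its host names and zeroed MAC, are constructed for illustration.

```python
import struct

# Common NetBIOS name suffixes (the 16th byte of a registered name).
SUFFIXES = {0x00: "Workstation", 0x03: "Messenger", 0x20: "File Server"}

def parse_node_status(pkt):
    """Parse an RFC 1002 node status (NBSTAT) response: names plus unit MAC."""
    if len(pkt) < 13:
        raise ValueError("truncated header")
    _txid, flags, _qd, ancount = struct.unpack_from(">HHHH", pkt, 0)
    if not flags & 0x8000 or ancount != 1:
        raise ValueError("not a single-answer response")
    off = 12 + 1 + pkt[12] + 1          # header, length byte, encoded name, NUL
    if len(pkt) < off + 11:
        raise ValueError("truncated resource record")
    rtype, _cls, _ttl, _rdlen = struct.unpack_from(">HHIH", pkt, off)
    if rtype != 0x0021:                  # 0x0021 = NBSTAT
        raise ValueError("not an NBSTAT record")
    count, pos = pkt[off + 10], off + 11
    if len(pkt) < pos + 18 * count + 6:
        raise ValueError("truncated name table")
    names = []
    for _ in range(count):               # 15-byte name, suffix, NAME_FLAGS
        label, suffix, nflags = struct.unpack_from(">15sBH", pkt, pos)
        names.append({"name": label.decode("ascii", "replace").rstrip(),
                      "service": SUFFIXES.get(suffix, hex(suffix)),
                      "group": bool(nflags & 0x8000)})
        pos += 18
    return names, pkt[pos:pos + 6].hex(":")

def sample_response():
    """Constructed reply for a host named SAMBA (not captured traffic)."""
    def entry(name, suffix, nflags):
        return name.ljust(15).encode("ascii") + struct.pack(">BH", suffix, nflags)
    table = (entry("SAMBA", 0x00, 0x0400) + entry("SAMBA", 0x20, 0x0400)
             + entry("WORKGROUP", 0x00, 0x8400))
    header = struct.pack(">HHHHHH", 0x1234, 0x8400, 0, 1, 0, 0)
    rr_name = b"\x20" + b"CK" + b"A" * 30 + b"\x00"   # encoded wildcard "*"
    rdata = bytes([3]) + table + bytes(6) + bytes(40)  # zeroed MAC + statistics
    rr = rr_name + struct.pack(">HHIH", 0x0021, 0x0001, 0, len(rdata))
    return header + rr + rdata

if __name__ == "__main__":
    names, mac = parse_node_status(sample_response())
    for n in names:
        print(f"{n['name']:<15} {n['service']:<12} {'GROUP' if n['group'] else 'UNIQUE'}")
    print("MAC", mac)
```
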
From a Windows client, the net view command lists shared resources on a remote host:
net view \\<hostname> /all
By leveraging tools like Nmap and nbtscan, you can effectively enumerate SMB and NetBIOS services, uncover shared resources, and identify potential vulnerabilities. Always follow ethical and legal guidelines during your assessments.