SMB Shares - Enumeration
ID: smb-shares
Severity: low
Author: pussycat0x
Tags: js,network,smb,enum,auth
Description
Section titled “Description”Attempts to list shares using the srvsvc.NetShareEnumAll MSRPC function and retrieve more information about them using srvsvc.NetShareGetInfo. If access to those functions is denied, a list of common share names are checked.
YAML Source
Section titled “YAML Source”id: smb-shares
info: name: SMB Shares - Enumeration author: pussycat0x severity: low description: | Attempts to list shares using the srvsvc.NetShareEnumAll MSRPC function and retrieve more information about them using srvsvc.NetShareGetInfo. If access to those functions is denied, a list of common share names are checked. reference: - https://nmap.org/nsedoc/scripts/smb-enum-shares.html metadata: verified: true max-request: 1 shodan-query: port:445 product: dionaea vendor: dionaea tags: js,network,smb,enum,auth
javascript: - pre-condition: | isPortOpen(Host,Port); code: | var m = require("nuclei/smb"); var c = m.SMBClient(); var response = c.ListShares(Host, Port, User, Pass); Export(response);
args: Host: "{{Host}}" Port: "445" User: "{{usernames}}" Pass: "{{passwords}}" attack: clusterbomb payloads: usernames: - ' ' - 'admin' - 'administrator' - 'guest' passwords: - ' ' - 'admin' - 'password' - 'guest'
stop-at-first-match: true matchers: - type: dsl dsl: - 'response != "[]"' - 'success == true' condition: and
extractors: - type: dsl dsl: - response# digest: 4a0a004730450221009ff62c2b2da9a8070387407dcf107bc5c8810495d25bf548b03aaea81d4a09fa0220452c7cbd98e1898723f97e86c46596b5f6414ac8bce0b487f827da2ddb11916b:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "javascript/misconfiguration/smb/smb-shares.yaml"