Security Stuff

SMB


Last updated 2 years ago

SMB

Server Message Block (SMB) is a stateful protocol that defines extensions to the existing Common Internet File System (CIFS) protocol by introducing new flags, extended requests and responses, and new Information Levels.

SMB can be used for file, printer, or serial port sharing.

Extensions

Extensions to the CIFS protocol include:

  • TCP transport support besides SMB transport.

Session

Clients establish a session with a server and use that session to make a variety of requests to access:

  • files

  • printers

  • inter-process communication (IPC) mechanisms, such as named pipes

Commands

A command is a set of SMB messages that are exchanged to perform an operation.

An SMB command is typically identified by a unique command code in the message headers.
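
As an added example (not part of the original page), the following Python code reads the command code from the fixed header of a Direct TCP SMB frame. It goes beyond the SMBv1 case to cover the SMBv2/3 header as well; the function name, the command-name subsets and the sample frames are constructed for this example, with field offsets taken from [MS-CIFS] and [MS-SMB2].

```python
import struct

# Subsets of the command codes in [MS-CIFS]/[MS-SMB] and [MS-SMB2]; not exhaustive.
SMB1_COMMANDS = {0x71: "TREE_DISCONNECT", 0x72: "NEGOTIATE", 0x73: "SESSION_SETUP_ANDX",
                 0x74: "LOGOFF_ANDX", 0x75: "TREE_CONNECT_ANDX", 0xA2: "NT_CREATE_ANDX"}
SMB2_COMMANDS = {0: "NEGOTIATE", 1: "SESSION_SETUP", 2: "LOGOFF", 3: "TREE_CONNECT",
                 4: "TREE_DISCONNECT", 5: "CREATE", 6: "CLOSE", 8: "READ", 9: "WRITE"}


def parse_smb_frame(frame: bytes) -> dict:
    """Identify the dialect family and command of one Direct TCP (port 445) frame."""
    if len(frame) < 8 or frame[0] != 0:
        raise ValueError("not a Direct TCP SMB frame")
    length = int.from_bytes(frame[1:4], "big")      # 3-byte big-endian length
    msg = frame[4:4 + length]
    if len(msg) != length:
        raise ValueError("truncated frame")
    magic = msg[:4]
    if magic == b"\xffSMB":                          # SMBv1/CIFS, 32-byte header
        if len(msg) < 32:
            raise ValueError("short SMB1 header")
        code, flags = msg[4], msg[9]                 # 1-byte command code, Flags
        return {"family": "SMB1", "code": code,
                "command": SMB1_COMMANDS.get(code, "UNKNOWN"),
                "response": bool(flags & 0x80)}      # SMB_FLAGS_REPLY
    if magic == b"\xfeSMB":                          # SMBv2/3, 64-byte header
        if len(msg) < 64 or struct.unpack_from("<H", msg, 4)[0] != 64:
            raise ValueError("bad SMB2 header")
        code, = struct.unpack_from("<H", msg, 12)    # 2-byte command code
        flags, = struct.unpack_from("<I", msg, 16)
        session_id, = struct.unpack_from("<Q", msg, 40)
        return {"family": "SMB2", "code": code,
                "command": SMB2_COMMANDS.get(code, "UNKNOWN"),
                "response": bool(flags & 0x1),       # SMB2_FLAGS_SERVER_TO_REDIR
                "signed": bool(flags & 0x8),         # SMB2_FLAGS_SIGNED
                "session_id": session_id}
    if magic == b"\xfdSMB":                          # SMB3 transform (encrypted) header
        return {"family": "SMB3-encrypted", "code": None, "command": "ENCRYPTED"}
    raise ValueError("unknown protocol identifier")


# Constructed header-only samples (no command body), for illustration.
SAMPLE_SMB1 = b"\x00\x00\x00\x20" + b"\xffSMB" + bytes([0x72]) + bytes(27)
SAMPLE_SMB2 = b"\x00\x00\x00\x40" + b"\xfeSMB" + struct.pack(
    "<HHIHHIIQIIQ16s", 64, 0, 0, 1, 1, 0, 0, 1, 0, 0, 0, bytes(16))

if __name__ == "__main__":
    for sample in (SAMPLE_SMB1, SAMPLE_SMB2):
        print(parse_smb_frame(sample))
```

The `family` field separates SMBv1 traffic from SMBv2/3 in a capture, and `signed` shows whether an SMBv2/3 message carries a signature.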

SMBv2/3

These protocols, or dialects, borrow and extend concepts from the Server Message Block (SMB) Version 1.0 Protocol.

Extensions

Relationship to Other Protocols

Overview

Information about protocols that SMB uses or that use SMB.

Authentication

The Server Service Remote

Remote Procedure Call (RPC)

Distributed File System (DFS)

Enumeration

We can use tools or packages such as smbclient, crackmapexec, or Impacket to enumerate SMB services in a Windows network environment.

Null Session Authentication

We can use smbclient to test if null session authentication is enabled:

$ smbclient -N -L '\\host\'

File Sharing

Use `smbclient` to download files recursively:

$ smbclient -N \\\\coder.htb\\Development
smb: \> mask ""
smb: \> recurse
smb: \> prompt
smb: \> mget *

Impacket

We try to understand the SMB protocols by inspecting the Impacket example modules.

Refer to MS-SMB2 - Overview to see a list of extensions to SMBv1.

The SMB 2 Protocol uses Simple and Protected GSS-API Negotiation (SPNEGO), as described in [MS-AUTHSOD] section 2.1.2.3.1 and specified in [RFC4178] and [MS-SPNG], which in turn can rely on:

  • the Kerberos Protocol Extensions (as specified in [MS-KILE]), or

  • the NT LAN Manager (NTLM) Authentication Protocol (as specified in [MS-NLMP]).

For the Server Service Remote Protocol, refer to [MS-SRVS].

The Remote Procedure Call Protocol Extensions, as specified in [MS-RPCE], define an RPC over SMB Protocol or SMB 2 Protocol sequence that can use SMB 2 Protocol named pipes as its underlying transport.

  • [MS-SMB]: Overview (Microsoft Learn)

  • [MS-SMB2]: Server Message Block (SMB) Protocol Versions 2 and 3 (Microsoft Learn)

  • [MS-SMB2]: Relationship to Other Protocols (Microsoft Learn)