SMB
Last updated
Last updated
Server Message Block, a stateful protocol defines extensions to the existing Common Internet File System (CIFS) protocol by introducing new flags, extended requests and responses, and new Information Levels.
SMB can be used for Files, printers, or serial port sharing.
Extensions to the CIFS protocol include:
TCP transport support besides SMB transport.
Clients establish a session with a server and use that session to make a variety of requests to access:
files
printers
inter-process communication (IPC) mechanisms, such as named pipes
A set of SMB messages that are exchanged to perform an operation.
An SMB command is typically identified by a unique command code in the message headers.
These protocols, or dialects, borrow and extend concepts from the Server Message Block (SMB) Version 1.0 Protocol
Information about protocols used by the SMB or use SMB.
We can use commands or packages like smbclient
, crackmapexec
, or impakcet,
etc. to enumerate SMB services in a Windows network environment.
We can use smbclient
to test if null session authentication is enabled:
Use `smbclient` to download files recursively:
We try to understand the SMB protocols by inspecting the Impacket example modules.
Refer to to see a list of extensions to SMBv1.
The SMB 2 Protocol uses Simple and Protected GSS-API Negotiation (SPNEGO), as described in section and specified in and , which in turn can rely on
the Kerberos Protocol Extensions (as specified in ) or
the NT LAN Manager (NTLM) Authentication Protocol (as specified in ).
Refer to .
The Remote Procedure Call Protocol Extensions, as specified in , define an RPC over SMB Protocol or SMB 2 Protocol sequence that can use SMB 2 Protocol named pipes as its underlying transport.