First of all lets check if share is enable or not by using nmap scan.
$ nmap 10.10.10.103 Starting Nmap 7.70 ( https://nmap.org ) at 2019-02-07 22:03 EST Nmap scan report for 10.10.10.103 Host is up (0.31s latency). Not shown: 987 filtered ports PORT STATE SERVICE -- snip -- 139/tcp open netbios-ssn -- snip --
Here, port netbios port 139 is open. Now, checkout the shares name. For this we have tool in kali linux called `smbclient`.
$ smbclient -L //10.10.10.103 Enter WORKGROUP\root's password: Sharename Type Comment --------- ---- ------- ADMIN$ Disk Remote Admin C$ Disk Default share CertEnroll Disk Active Directory Certificate Services share Shares Disk IPC$ IPC Remote IPC NETLOGON Disk Logon server share Operations Disk SYSVOL Disk Logon server share Reconnecting with SMB1 for workgroup listing. Connection to 10.10.10.103 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND) Failed to connect with SMB1 -- no workgroup available
-L will get a list of shares available on a host
So, we have number of shares available. Now, to access those shares we need to have access on those shares.
$ smbmap -H 10.10.10.103 [+] Finding open SMB ports.... [+] User SMB session establishd on 10.10.10.103... [+] IP: 10.10.10.103:445 Name: hostname.local Disk Permissions ---- ----------- [!] Access Denied
Opps! looks like we do not have permission to list permission. Anyway, using this command you will see the permission on each shares. Now, what we can do for checking permission is to manually check them. We can check using following command:
$ smbclient //10.10.10.103/Shares Enter WORKGROUP\root's password: [just hit enter] Try "help" to get a list of possible commands. smb: \> ls . D 0 Tue Jul 3 11:22:32 2018 .. D 0 Tue Jul 3 11:22:32 2018
Do similar for others and see if you can list anything.
Useful link: http://www.madirish.net/59