Samba with Linux

Enumeration

With nmap -sV we can do an educated guess if the server is using windows or linux

-
# TCP
nmap $IP -sV -p 139,445

# UDP
nmap $IP -sU --top-port 25 --open

# Via scripts
nmap $IP -p 445 --script smb-os-discovery

Metasploit way

smb version

msfconsole
use auxiliary/scanner/smb/smb_version
set rhosts $IP
run

shares

msfconsole
use auxiliary/scanner/smb/smb_enumshares
set rhosts $IP
run

nmblookup

nmblookup -A $IP

rpcclient

rpcclient -U "" -N $IP

srvinfo

enumdomusers

lookupnames admin

enum4linux

# get OS
enum4linux -o $IP

# get users
enum4linux -U $IP

# get sharelist
enum4linux -S $IP

# smbclient

To connect to smb shares

nmbclient -L $IP -N

nmbclient //$IP/Public -N