Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

🏠 Back to Blog

Server Message Block (SMB)

The SMB protocol is a client-server protocol that regulates access to shared network resources such as files, printers, and other devices. It is primarily used in Windows-based networks but is also supported by other operating systems through implementations like samba. SMB uses TCP port 445 for direct hosting and TCP port 139 for NetBIOS over TCP/IP.SMB supports access control for file shares via ACLs on the server.

Samba

  • Samba is an open-source implementation of the SMB protocol that allows non-Windows systems to share files and printers with Windows clients.
  • Samba uses the CIFS (Common Internet File System) protocol, which is a dialect of SMB.
  • Samba can act as both a file server and a domain controller in a Windows network.

Samba Configuration

  • The main configuration file for Samba is typically stored at /etc/samba/smb.conf.
  • Key sections in the smb.conf file include:
rnemeth@htb[/htb]$ cat /etc/samba/smb.conf | grep -v "#\|\;" 

[global]
   workgroup = DEV.INFREIGHT.HTB
   server string = DEVSMB
   log file = /var/log/samba/log.%m
   max log size = 1000
   logging = file
   panic action = /usr/share/samba/panic-action %d

   server role = standalone server
   obey pam restrictions = yes
   unix password sync = yes

   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

   pam password change = yes
   map to guest = bad user
   usershare allow guests = yes

[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700

[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
  • In the configuration above, we see global settings and two shares: [printers] and [print$]. Global settings are applied to the entire Samba server, while share definitions specify settings for individual shared resources and can override global settings.

SMB Versions

  • SMB1: The original version of SMB, now considered obsolete and insecure.
  • SMB2: Introduced in Windows Vista and Windows Server 2008, SMB2 brought significant performance improvements and security enhancements.
  • SMB3: Introduced in Windows 8 and Windows Server 2012, SMB3 added features like encryption, improved performance, and better support for virtualized environments.

SMB Security

  • SMB supports various authentication methods, including NTLM and Kerberos.
  • SMB3 introduced encryption to protect data in transit.
  • It is recommended to disable SMB1 due to its vulnerabilities and use SMB2 or SMB3 for better security.
  • Firewalls should be configured to restrict access to SMB ports (139 and 445) to trusted networks only.

Common SMB Commands

  • smbclient: A command-line tool to access SMB/CIFS resources on servers.

      rnemeth@htb[/htb]$ smbclient -N -L //10.129.14.128

          Sharename       Type      Comment
          ---------       ----      -------
          print$          Disk      Printer Drivers
          home            Disk      INFREIGHT Samba
          dev             Disk      DEVenv
          notes           Disk      CheckIT
          IPC$            IPC       IPC Service (DEVSM)
  SMB1 disabled -- no workgroup available
    • Once we have discovered interesting files or folders, we can download them using the get command. Smbclient also allows us to execute local system commands using an exclamation mark at the beginning (!) without interrupting the connection.

  • smbstatus: Displays current Samba connections and open files.

  • smbpasswd: Used to manage Samba user passwords.

  • testparm: Checks the Samba configuration file for syntax errors.