- SMB (Server Message Block): Protocol for file sharing, printers, and network communication.
- smbclient: Command-line tool to interact with SMB shares (similar to FTP).
- Share: A network folder or resource exposed via SMB (e.g.,
C$,Documents). - Workgroup/Domain: Network group for shared resources (default:
WORKGROUP).
smbclient [options] //<server>/<share> Replace server with the name or IP address of the server hosting the file share, and share with the name of the file share.
You will be prompted for your username and password for the file share. Once authenticated, you will be presented with a command prompt where you can enter various commands to interact with the file share.
| Option | Description |
|---|---|
-U <user>[%pass] |
Username and password (e.g., -U admin%Password123). |
-W <domain> |
Workgroup/domain name (default: WORKGROUP). |
-I <IP> |
Server IP address (bypasses DNS). |
-p <port> |
Custom port (default: 445 for SMB over TCP/IP). |
-N |
No password prompt (use with empty or guest access). |
-E |
Hide password prompt output. |
-c <command> |
Execute a command non-interactively (e.g., -c 'ls'). |
-A <creds-file> |
Load credentials from a file (format: username = admin, password = pass). |
-m <max-protocol> |
Set max SMB protocol (e.g., -m SMB3). |
-d <debug-level> |
Debug verbosity (0-10). |
Once connected, use these commands:
| Command | Description |
|---|---|
ls |
List files/directories. |
cd <dir> |
Change directory. |
get <file> |
Download a file. |
put <file> |
Upload a file. |
mget <pattern> |
Download multiple files (e.g., mget *.txt). |
mput <pattern> |
Upload multiple files. |
rm <file> |
Delete a file. |
mkdir <dir> |
Create a directory. |
rmdir <dir> |
Delete a directory. |
pwd |
Print current directory. |
recurse |
Toggle recursive mode for mget/mput. |
mask <filter> |
Set a file filter (e.g., mask *.docx). |
tar |
Create/extract tar backups (e.g., tar c backup.tar *). |
exit |
Quit smbclient. |
Anonymous/Guest Access:
smbclient //192.168.1.10/public -N Authenticated Access:
smbclient //192.168.1.10/C$ -U admin%Password123 Specify Domain/Workgroup:
smbclient //SERVER/Share -W CORP -U user%pass Download a File:
smbclient //192.168.1.10/Data -U user%pass -c "get report.docx" Upload All TXT Files:
smbclient //192.168.1.10/Data -U user%pass -c "mask *.txt; recurse; mput *.txt" Delete a File:
smbclient //192.168.1.10/Data -U user%pass -c "rm oldfile.zip" Create a Directory:
smbclient //192.168.1.10/Data -U user%pass -c "mkdir Projects" Recursive Download:
smbclient //192.168.1.10/Data -U user%pass -c "recurse; prompt; mget *" List Shares via Script:
smbclient -L 192.168.1.10 -U admin%Password123 -N -I 192.168.1.10 Backup Directory to Tar:
smbclient //192.168.1.10/Backup -U user%pass -c "tar c backup.tar Documents" Use mount.cifs (Linux) or net use (Windows) for persistent access:
sudo mount -t cifs //192.168.1.10/Data /mnt/share -o user=admin,pass=Password123 Combine with tools like nmap or enum4linux:
enum4linux -S 192.168.1.10 Create creds.txt:
username = admin
password = Password123
domain = CORP Then:
smbclient //192.168.1.10/C$ -A creds.txt - Connection Refused: Check firewall rules, SMB port (445/139), and service status.
- Access Denied: Verify credentials, share permissions, and user privileges.
- Protocol Errors: Use
-m SMB2or-m SMB3to enforce protocol version.