impacket-smbclient

View documentation for the original command

$ tldr smbclient.py

impacket-smbclient [-h] [-debug] [-hashes LMHASH:NTHASH] [-no-pass] [-k] [-aesKey hexkey] [-dc-ip ip address] [-target-ip ip address] [-port [destination port]] [-s [share_name]] [-file [file_name]] [-conf-file [config_file]] [-rdns] [-r] [-c [command]] [-p [path]] [-W [domain]] [-U [username]] [-P [password]]

-h
    Displays the help message and exits.

-debug
    Turns on debug output, providing more verbose information during execution.

-hashes LMHASH:NTHASH
    LMHASH:NTHASH Allows specifying LM and NT hashes for authentication (Pass-the-Hash), bypassing the need for a plaintext password.

-no-pass
    Don't ask for a password (useful for anonymous/null sessions or when using hashes).

-k
    Uses Kerberos authentication instead of NTLM.

-aesKey hexkey
    hexkey The AES key to use for Kerberos authentication (hex string).

-dc-ip ip address
    ip address IP address of the domain controller to use for Kerberos authentication.

-target-ip ip address
    ip address IP address of the target host. This option bypasses DNS resolution and connects directly to the specified IP.

-port [destination port]
    destination port The destination port to connect to on the target host (default is 445).

-s [share_name]
    share_name Specifies the name of the SMB share to connect to directly.

-file [file_name]
    file_name Reads commands from the specified file and executes them in sequence.

-conf-file [config_file]
    config_file Specifies a configuration file to load.

-rdns
    Performs a reverse DNS lookup on the target IP address.

-r
    Used with `del` and `rmdir` commands to perform recursive deletion.

-c [command]
    command Executes a single command directly and then exits.

-p [path]
    path Specifies the initial path within the share to operate on.

-W [domain]
    domain Specifies the domain (or workgroup) to authenticate against.

-U [username]
    username Specifies the username to use for authentication.

-P [password]
    password Specifies the password for authentication. If not provided, the user will be prompted.


    target The IP address or hostname of the SMB server to connect to. This is a mandatory argument.

impacket-smbclient is a powerful Python-based client for interacting with SMB/CIFS (Server Message Block / Common Internet File System) shares. It is part of the widely-used Impacket framework, a collection of Python classes for working with network protocols. Unlike the traditional `smbclient` utility, `impacket-smbclient` is specifically designed with a focus on security assessments, penetration testing, and network forensics. It provides functionalities to authenticate against SMB servers, list available shares, browse directories, upload and download files, create and delete directories, and execute various commands. Its ability to perform Pass-the-Hash, Kerberos authentication, and operate with fine-grained control over authentication parameters makes it an invaluable tool for ethical hackers and security researchers to analyze and exploit SMB vulnerabilities, often in scenarios where direct password access is not available. It can be used both interactively or to execute single commands.

impacket-smbclient is primarily designed for security analysis and penetration testing, offering advanced authentication mechanisms like Pass-the-Hash and Kerberos. While functional as a general SMB client, it may lack some of the user-friendly features or broader protocol support found in the native `smbclient` utility provided by Samba. It is a Python application and requires the Impacket framework to be installed. Misuse of this tool for unauthorized access is illegal and unethical. Users should ensure they have proper authorization before targeting any systems.

When `impacket-smbclient` is invoked without the `-c` option, it enters an interactive shell, allowing users to issue multiple commands against the connected SMB share. Common commands include:
ls / dir: List directory contents.
cd : Change current directory.
get : Download a file from the share.
put : Upload a file to the share.
mkdir : Create a new directory.
rmdir : Remove a directory (use with `-r` for recursive).
del : Delete a file (use with `-r` for recursive).
exit / quit: Exit the client.

impacket-smbclient is a component of the Impacket framework, developed by SecureAuth (later acquired by Core Security). Impacket was created to provide a programmatic way to interact with network protocols, with a strong emphasis on capabilities useful for security research and penetration testing. The `smbclient` module within Impacket was specifically designed to handle the nuances of SMB/CIFS, including its various authentication mechanisms, making it a robust tool for analyzing and exploiting SMB vulnerabilities. Its development has focused on supporting features like Pass-the-Hash, Kerberos, and various NTLM authentication quirks, which are crucial in modern Active Directory environments. Being Python-based, it offers cross-platform compatibility and extensibility.

smbclient(1), rpcclient(1), net(8), nmblookup(1)