smbserver.py

Set up a basic SMB share

$ smbserver.py [sharename] [path/to/share]

$ smbserver.py -comment [my_share] [sharename] [path/to/share]

$ smbserver.py -username [username] -password [password] [sharename] [path/to/share]

$ smbserver.py -hashes [LMHASH]:[NTHASH] [sharename] [path/to/share]

$ smbserver.py [[-ip|--interface-address]] [interface_ip_address] [sharename] [path/to/share]

$ smbserver.py -port [port] [sharename] [path/to/share]

$ smbserver.py -smb2support [sharename] [path/to/share]

$ smbserver.py -outputfile [path/to/output_file] [sharename] [path/to/share]

smbserver.py shareName sharePath [options]

shareName
    The name of the SMB share that will be advertised to clients (e.g., 'SHARE', 'C$').

sharePath
    The local path to the directory that will be exposed as the SMB share.

-debug
    Enables verbose debugging output, useful for troubleshooting connection or authentication issues.

-smb2support
    Enables support for the SMB2 protocol, allowing newer clients to connect using SMB2.

-comment COMMENT
    Sets a comment for the SMB share, visible to clients browsing available shares.

-no-smb-negotiate
    Disables SMB dialect negotiation, forcing the server to accept a specific SMB version (usually SMB1).

-no-smb-challenge
    Prevents the server from sending an NTLM challenge, often used in specific relay scenarios or to prevent hash capture.

-no-smb-encryption
    Disables enforcement of SMB encryption, allowing unencrypted connections. By default, encryption is enforced if supported by the client and server.

-no-smb-signing
    Disables enforcement of SMB signing, allowing unsigned connections. By default, signing is enforced if supported by the client and server.

-username USERNAME
    Specifies a username for required authentication. If not set, anonymous access might be allowed depending on other options.

-password PASSWORD
    Specifies a password for the provided username for required authentication.

-aesKey AESKEY
    Specifies the AES key for Kerberos authentication. Typically used in more advanced scenarios involving Kerberos.

-hashes LMHASH:NTHASH
    Provides LM and NT hashes for authentication instead of a plain-text password. Format is LMhash:NThash (e.g., 'aad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0').

-port PORT
    Specifies the TCP port on which the SMB server will listen. Default is 445.

-no-smb-share-create
    Prevents clients from creating new shares on the server (e.g., if a client attempts to create an 'ADMIN$' share).

The smbserver.py command, part of the Impacket toolkit, is a versatile Python-based implementation of an SMB/CIFS server. Unlike traditional SMB servers like Samba, smbserver.py is designed with a focus on penetration testing and security auditing. It allows users to quickly set up an SMB share from a specified local directory, facilitating file transfers, or more commonly, acting as a honeypot to capture NTLMv1/v2 hashes from connecting clients.

Its lightweight nature and programmatic control make it an ideal tool for scenarios like: serving payloads to compromised systems, collecting authentication material (hashes) from vulnerable clients, or acting as a relay target in NTLM relay attacks. It supports various SMB versions, including SMB2, and offers options for controlling authentication requirements, signing, and encryption, making it highly configurable for different testing environments.

Running smbserver.py on standard ports (like 445) often requires root or elevated privileges.
Exposing file shares can be a security risk if not done carefully, potentially exposing sensitive files or allowing unauthorized file uploads.
When used for hash capturing, be aware that NTLMv1/v2 hashes are vulnerable to offline brute-force attacks if captured. Ensure proper controls are in place.
This tool is primarily for security testing and should not be used as a production-grade SMB server.

smbserver.py is a core component of the Impacket library, a collection of Python classes developed by Core Security Technologies (now Fortra) for programmatic access to network protocols. Impacket and its tools, including smbserver.py, have evolved significantly over the years to adapt to new protocol versions (like SMB2/3) and emerging attack techniques, becoming a de-facto standard in network penetration testing and red team operations due to its flexibility and comprehensive protocol implementation.

smbclient(1), smbd(8), nmbd(8), responder.py