
METASPLOIT – How to find Windows 7 File Shares (SMB or Server Message Block Scanning)


Step 1 – Open msfconsole

Applications > BackTrack > Exploitation Tools > Network Exploitation Tools

Metasploit Framework > msfconsole


There are 4 ways to use Metasploit – but full power is via MSFCONSOLE.

Step 2 – US

use scanner/smb/smb_version

show options

Step 3 – USSR


[Screenshot: BT smb scan]

Actual commands used

use scanner/smb/smb_version

set RHOSTS (e.g. IP of your target)




RESULTS of SMB or Windows File Share Scan

Backtrack and Plaintext Output of the BackTrack Picture:

[Screenshot: BT smb results]

That’s it!! Dead simple.

So what did we find?

The attack identified a Windows File Share – on IP

And that the machine is running Windows 7 Home Premium.

It’s that easy.


Use netstat -ano to see port 445

  • Go to the command prompt (Start>Run>cmd) of the target laptop
  • Enter netstat -ano
  • You will get a report of Active Connections
  • Report includes: Protocol, Local Address, Foreign Address, State, PID
  • Write down the PID (process identifier) associated with port 445 (also note the Local Address, Foreign Address, Protocol and State), e.g.
    • Proto Local Address Foreign Address State PID
    • UDP *:* 445
  • Next, start the Windows Task Manager
  • Select the Processes tab in Task Manager
  • Search for the PID you wrote down previously
  • netstat parameter -s displays per-protocol statistics. By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6
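
The netstat check above can be scripted when there are many rows to read. The following is an added example, not code from the original post: it parses `netstat -ano` text and reports which PIDs own local port 445, on which addresses they listen, and which peers are connected. The function names and the sample rows are constructed for illustration (on Windows the SMB listener is normally owned by PID 4, the System process).

```python
# Added example: parse `netstat -ano` text and report what owns a given local port.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       732
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.56.20:445      192.168.56.10:49213    ESTABLISHED     4
  TCP    192.168.56.20:49171    192.168.56.30:445      ESTABLISHED     4
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5355           *:*                                    1188
"""  # constructed sample, not output captured from the page's target


def parse_netstat(text):
    """Yield one dict per connection row of `netstat -ano` output."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank line
        if fields[0] == "TCP" and len(fields) == 5:
            proto, local, foreign, state, pid = fields
        elif fields[0] == "UDP" and len(fields) == 4:
            proto, local, foreign, pid = fields  # UDP rows have no State column
            state = ""
        else:
            continue  # unexpected row shape
        # rpartition keeps bracketed IPv6 addresses such as [::]:445 intact
        addr, _, port = local.rpartition(":")
        if not port.isdigit() or not pid.isdigit():
            continue
        yield {"proto": proto, "addr": addr, "port": int(port),
               "foreign": foreign, "state": state, "pid": int(pid)}


def owners_of_port(text, port=445):
    """Rows whose *local* port matches; an outbound connection to a remote :445 does not."""
    return [r for r in parse_netstat(text) if r["port"] == port]


def summarize(text, port=445):
    """Collapse matching rows into owning PIDs, listening addresses and connected peers."""
    rows = owners_of_port(text, port)
    return {"pids": sorted({r["pid"] for r in rows}),
            "listening": [r["addr"] for r in rows if r["state"] == "LISTENING"],
            "peers": [r["foreign"] for r in rows if r["state"] == "ESTABLISHED"]}


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Feed it the saved output of `netstat -ano` from the machine being checked; any peer listed under `peers` is a host currently connected to the file share.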


***Full Credit to the works of:

KENNEDY, D. et al. 2011. Metasploit: The Penetration Tester's Guide. No Starch Press: San Francisco.
