smbclient -L \\\\\\\\10.10.10.4\\\\
smbclient -L \\\\10.10.10.4\\
smbclient \\\\\\\\10.10.10.4\\\\
smbclient -L \\\\\\\\10.10.10.4
L: list out all the files that are there.
We are trying blank password. Some cases we try the anonymous and if it works and gives us a list of files that are available there. Then it's bad. That we don't want.
If we got the access we could try to enumerate the shared folder like this
smbclient \\\\\\\\10.10.10.4\\\\$ADMIN
search smb_version # in msfconsole
use auxiliary/scanner/smb/smb_version
options
ser rhosts 10.10.10.4
run
<aside>
💡 If we had more than one host or an entire subnet we could do something like this:
set rhosts 10.10.10.0/24
</aside>
Looking for an Exploit of SMB on Google
"smb windows xp sp3 exploit"
Found this: https://www.rapid7.com/db/modules/exploit/windows/smb/ms08_067_netapi/