Access SMB servers auth-free
The Internet is full of SMB Servers without authentication!
The SMB (Server Message Block) protocol is a network protocol used for sharing files, printers, and other network resources between computers.
It is commonly used in Windows systems, 445 is the default port number used by the SMB protocol for communication between network devices.
The SMB authentication-free setup allows devices to access shared resources without requiring any authentication.
This means that devices can access shared files or printers without having to enter a username or password.
Searching SMB servers
You can search SMB servers with simple research on Shodan, port:445.
But to filter results for viewing if authentication is disabled, an SMB server replies with the banner Authentication: disabled.
So, here is the shodan query: port:445 "Authentication: disabled" (Also "SMB Status: Authentication: disabled")
More than 346K results, that's a lot of data!
Remember that you can filter data by a specific hostname, organization name, country and more.
However, the results reported by Shodan are not always truly accessible.
If you want to be sure, you can filter the data by the name of the share, for example, "Users", the most common.
[*] shodan_results.png
Connecting to an SMB server without authentication
install the package samba or samba-client (available on most of the common package managers).
After installing the package you can connect with the following command:
smbclient -N \\\\{address}\\{share name}
you can find the share name in the response of the server reported by Shodan, but still if you want to enumerate the shares do:
smbclient -L {address} (if ask for a password press enter)
in our last case I'll use "Users" as an example in the image below.
[*] smb_connnection.png
If you don't know SMB commands type help to view a list of all available commands, then type help [command] to see a specific description command