Skip to content

pkg smb

Jump to bottom
Jacob Paullus edited this page Apr 17, 2026 · 1 revision

pkg/smb - SMB2/3 Client

Full SMB2/3 client supporting NTLM and Kerberos authentication, share enumeration, file operations, and named pipe access.

Types

Client

type Client struct {
    Session *smb2.Session
    Target  session.Target
    Creds   *session.Credentials
}

PipeAccess

type PipeAccess int

const (
    PipeAccessReadWrite PipeAccess = iota
    PipeAccessRead
    PipeAccessWrite
)

Constructor

func NewClient(target session.Target, creds *session.Credentials) *Client

Connection Methods

Method Signature Description
Connect () error Establish SMB session with auto-negotiated auth (NTLM or Kerberos)
Close () Logoff session, unmount shares, close connection
GetSessionKey () []byte Returns the SMB session key
GetDNSHostName () string Server's DNS hostname from NTLM challenge
GetDNSTreeName () string Forest DNS name from NTLM challenge

Share Operations

Method Signature Description
ListShares () ([]string, error) Enumerate available shares (sorted)
UseShare (name string) error Mount a share as the active working share

File Operations

Method Signature Description
Ls (dir string) ([]os.FileInfo, error) List files in a directory
Cd (dir string) error Change current directory
Get (remoteFile, localFile string) error Download a file
Put (localFile, remoteFile string) error Upload a file
Cat (file string) (string, error) Read file contents as string
Mkdir (dir string) error Create a directory
Rmdir (dir string) error Remove a directory
Rm (file string) error Delete a file
Rename (oldPath, newPath string) error Rename/move a file
Mget (pattern string) error Download files matching a glob pattern
GetCurrentPath () string Return current working directory

Recursive Traversal

type TreeWalkFunc func(path string, info os.FileInfo, err error) error

func (c *Client) Tree(root string, fn TreeWalkFunc) error
client.UseShare("C$")
client.Tree("Users", func(path string, info os.FileInfo, err error) error {
    if err != nil {
        return nil
    }
    fmt.Printf("%s (%d bytes)\n", path, info.Size())
    return nil
})

Named Pipe Operations

Method Signature Description
OpenPipe (name string) (*smb2.File, error) Open a named pipe (mounts IPC$ automatically)
OpenPipeWithAccess (name string, access PipeAccess) (*smb2.File, error) Open with specified access mode

Named pipes are the transport layer for DCE/RPC over SMB.

Example: Enumerate Shares

package main

import (
    "fmt"
    "gopacket/pkg/session"
    "gopacket/pkg/smb"
)

func main() {
    target := session.Target{Host: "10.0.0.5", Port: 445}
    creds := &session.Credentials{
        Domain:   "CORP",
        Username: "admin",
        Password: "Password1",
    }

    client := smb.NewClient(target, creds)
    defer client.Close()

    if err := client.Connect(); err != nil {
        fmt.Printf("[-] %v\n", err)
        return
    }

    shares, err := client.ListShares()
    if err != nil {
        fmt.Printf("[-] %v\n", err)
        return
    }

    for _, share := range shares {
        fmt.Printf("[+] \\\\%s\\%s\n", target.Host, share)
    }
}

Example: Kerberos Authentication

creds := &session.Credentials{
    Domain:      "CORP.LOCAL",
    Username:    "admin",
    UseKerberos: true,
    DCIP:        "10.0.0.1",
}
// Set KRB5CCNAME env var or place admin.ccache in CWD

client := smb.NewClient(session.Target{Host: "dc01.corp.local", Port: 445}, creds)
defer client.Close()
client.Connect() // Authenticates via Kerberos AP-REQ

Clone this wiki locally