Translated ['network-services-pentesting/pentesting-smb.md'] to cn

network-services-pentesting/pentesting-smb.md

@@ -28,10 +28,10 @@
 ```
 ### SMB
 
-Server Message Block (`SMB`) 是一种**客户端-服务器**协议，用于管理对文件、整个目录和其他网络资源（如打印机、路由器或网络接口）的访问。该协议的主要应用领域是特定的**Windows**操作系统系列，其网络服务以向下兼容的方式支持SMB - 这意味着具有较新版本的设备可以轻松与安装有较旧Microsoft操作系统的设备进行通信。\
+Server Message Block (`SMB`) 是一种**客户端-服务器**协议，用于管理对文件、整个目录和其他网络资源（如打印机、路由器或网络接口）的访问。该协议的主要应用领域是特定的**Windows**操作系统系列，其网络服务以向下兼容的方式支持SMB - 这意味着具有较新版本的设备可以轻松与安装有较旧的Microsoft操作系统的设备进行通信。\
 通过免费软件项目**Samba**，还可以在Linux和Unix发行版中使用**SMB**，从而实现跨平台的SMB通信。
 
-SMB服务器可以将其本地文件系统的**任意部分作为共享**提供。因此，对客户端可见的**层次结构**部分上**独立于服务器上的结构**。**访问权限**由`访问控制列表`（`ACL`）定义。它们可以根据**`执行`**、**`读取`**和**`完全访问`**等属性以**细粒度的方式**对个别用户或用户组进行控制。**ACL**是基于共享定义的，因此与在服务器上本地分配的权限不对应。
+SMB服务器可以将其本地文件系统的**任意部分作为共享**提供。因此，对客户端可见的**层次结构**部分上独立于服务器上的**结构**。**访问权限**由`访问控制列表`（`ACL`）定义。它们可以根据**`执行`**、**`读取`**和**`完全访问`**等属性以**细粒度的方式**对个别用户或用户组进行控制。**ACL**是基于共享定义的，因此与在服务器上本地分配的权限不对应。
 
 ### IPC$ 共享
 
@@ -47,7 +47,7 @@ SMB服务器可以将其本地文件系统的**任意部分作为共享**提供
 
 ## 什么是NTLM
 
-如果您不知道什么是NTLM，或者想了解它是如何工作和如何滥用它的，您会发现这个关于**NTLM**的页面非常有趣，其中解释了**该协议的工作原理以及您如何利用它：**
+如果您不知道什么是NTLM，或者想了解它是如何工作和如何滥用它的，您会发现这个关于**NTLM**的页面非常有趣，其中解释了**该协议的工作原理以及如何利用它：**
 
 {% content-ref url="../windows-hardening/ntlm/" %}
 [ntlm](../windows-hardening/ntlm/)
@@ -85,15 +85,15 @@ echo "" && sleep .1
 
 To search for exploits, you can use various tools and resources. Here are some common methods:
 
-- **Exploit Databases**: Websites like Exploit-DB, Rapid7, and Metasploit provide extensive databases of known exploits. You can search these databases using relevant keywords or specific vulnerabilities.
+- **Exploit Databases**: There are several online databases that catalog known exploits. Examples include Exploit-DB, Metasploit, and Packet Storm. You can search these databases using relevant keywords or specific vulnerability identifiers.
 
-- **Vulnerability Scanners**: Tools like Nessus, OpenVAS, and Nexpose can scan networks and systems for known vulnerabilities and provide a list of potential exploits.
+- **Vulnerability Scanners**: Tools like Nessus, OpenVAS, and Nexpose can scan your target network or system for known vulnerabilities and provide a list of potential exploits.
 
-- **Security Bulletins**: Software vendors and security organizations often release security bulletins that detail vulnerabilities and their associated exploits. These bulletins can be found on the vendor's website or through security advisory services.
+- **Security Blogs and Forums**: Many security researchers and professionals share their findings and exploits on blogs and forums. Websites like GitHub, Reddit, and Stack Overflow can be valuable sources of information.
 
-- **Exploit Frameworks**: Frameworks like Metasploit offer a wide range of exploits and payloads that can be used for penetration testing. These frameworks provide a command-line interface for searching and executing exploits.
+- **Exploit Frameworks**: Frameworks like Metasploit provide a collection of exploits, payloads, and tools for penetration testing. You can search within these frameworks for specific exploits.
 
-Remember to always use these tools and resources responsibly and with proper authorization. Unauthorized exploitation of vulnerabilities is illegal and unethical.
+Remember, when searching for exploits, it's important to ensure that you have proper authorization and legal permission to perform any testing or exploitation activities.
 ```bash
 msf> search type:exploit platform:windows target:2008 smb
 searchsploit microsoft smb
@@ -189,17 +189,18 @@ It is always recommended to look if you can access to anything, if you don't hav
 
 ```bash
 ```markdown
-## smbclient --no-pass -L //<IP> # 空用户
+```
+smbclient --no-pass -L //<IP> # 空用户
 smbclient -U 'username[%passwd]' -L [--pw-nt-hash] //<IP> # 如果省略密码，将提示输入。使用 --pw-nt-hash，提供的密码是NT哈希值
 
-## smbmap -H <IP> [-P <PORT>] # 空用户
+smbmap -H <IP> [-P <PORT>] # 空用户
 smbmap -u "username" -p "password" -H <IP> [-P <PORT>] # 凭证
 smbmap -u "username" -p "<NT>:<LM>" -H <IP> [-P <PORT>] # Pass-the-Hash
 smbmap -R -u "username" -p "password" -H <IP> [-P <PORT>] # 递归列表
 
-## crackmapexec smb <IP> -u '' -p '' --shares # 空用户
-crackmapexec smb <IP> -u 'username' -p 'password' --shares # Guest用户
-crackmapexec smb <IP> -u 'username' -H '<HASH>' --shares # Guest用户
+crackmapexec smb <IP> -u '' -p '' --shares # 空用户
+crackmapexec smb <IP> -u 'username' -p 'password' --shares # 访客用户
+crackmapexec smb <IP> -u 'username' -H '<HASH>' --shares # 访客用户
 ```
 ```
 
@@ -319,7 +320,7 @@ sudo smbmap -R 文件夹 -H <IP> -A <文件名> -q # 以递归模式搜索文件
 
 ```bash
 # 下载全部文件
-smbclient //<IP>/<共享目录>
+smbclient //<IP>/<share>
 > mask ""
 > recurse
 > prompt
@@ -624,9 +625,9 @@ In **kali** it is located on /usr/share/doc/python3-impacket/examples/
 **This is not recommended, you could block an account if you exceed the maximum allowed tries**
 
 ```bash
-```shell
+```
 nmap --script smb-brute -p 445 <IP>
-ridenum.py <IP> 500 50000 /root/passwds.txt #使用ridenum.py脚本对rid进行暴力破解，然后尝试对每个用户名进行暴力破解
+ridenum.py <IP> 500 50000 /root/passwds.txt #使用ridenum.py脚本对RID进行暴力破解，然后尝试对每个用户名进行暴力破解
 ```
 ```
 
@@ -716,7 +717,7 @@ https://book.hacktricks.xyz/pentesting/pentesting-smb
 条目4：
 名称：Nmap SMB扫描2
 描述：使用Nmap进行SMB漏洞扫描（不太具体）
-命令：nmap --script smb-vuln* -Pn -p 139,445 {IP}
+命令：nmap --script 'smb-vuln*' -Pn -p 139,445 {IP}
 
 条目5：
 名称：Hydra暴力破解
@@ -724,7 +725,7 @@ https://book.hacktricks.xyz/pentesting/pentesting-smb
 命令：hydra -t 1 -V -f -l {Username} -P {Big_Passwordlist} {IP} smb
 
 条目6：
-名称：SMB/SMB2 139/445无需运行msfconsole的mfs枚举
+名称：SMB/SMB2 139/445无需运行msfconsole的MFS枚举
 描述：SMB/SMB2 139/445枚举，无需运行msfconsole
 注意：来源于https://github.com/carlospolop/legion
 命令：msfconsole -q -x 'use auxiliary/scanner/smb/smb_version; set RHOSTS {IP}; set RPORT 139; run; exit' && msfconsole -q -x 'use auxiliary/scanner/smb/smb2; set RHOSTS {IP}; set RPORT 139; run; exit' && msfconsole -q -x 'use auxiliary/scanner/smb/smb_version; set RHOSTS {IP}; set RPORT 445; run; exit' && msfconsole -q -x 'use auxiliary/scanner/smb/smb2; set RHOSTS {IP}; set RPORT 445; run; exit'