SMB is a network protocol used to provide shared access to files, folders, printers, and other resources over a network. It's primarily used in Windows environments, but Linux systems can interact with SMB using tools like Samba.

It operates over:

• Port 445 (modern SMB — direct over TCP)
• Port 139 (legacy NetBIOS over TCP/IP)

Common SMB Use Cases

• Accessing shared folders across a network
• File reading and writing from remote systems
• Printing via network-shared printers
• Administrative tasks like GPO delivery or log collection
• Used internally by tools like PsExec and Remote Administration features

Authentication in SMB

Before access is granted, the client must authenticate with the server. There are two main authentication methods:

1. NTLM (NT LAN Manager)

• Challenge-response mechanism
• Common in environments without Active Directory or when Kerberos isn't available
• Used as a fallback protocol

2. Kerberos

• Ticket-based system for secure and scalable authentication