Attacking SMB via Metasploit and PSexec

Recon

simple scan

nmap -A 10.2.23.46 -vv

TIP: TTL could be handy in enumerating operating systems.

Unix: TTL 64
Windows: TTL 128
Solaris/AIX: TTL 25

Port 445 is open.

nmap -p445 --script smb-protocols 10.2.23.46 -vv

Setting up Metasploit.

Setting up smb_login module.

Setting up brute force word lists and auxiliary scan.

Identified list of compromised accounts.

Setting up PSexec.

Meterpreter shell.

MITRE ATT&CK

PsExec is a free Microsoft tool that can be used to execute a program on another computer. It is used by IT administrators and attackers.
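Added example, not part of the original write-up: the smb_login brute force above shows up on the target as a run of failed network logons (event 4625, logon type 3) followed by a success (4624) from the same source. The sketch below correlates the two. The record layout, sample events, threshold and window are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (timestamp, event ID, logon type, source IP, account).
# 4625 = failed logon, 4624 = successful logon, logon type 3 = network (SMB).
EVENTS = [
    ("2024-05-01T10:00:01", 4625, 3, "192.0.2.10", "admin"),
    ("2024-05-01T10:00:02", 4625, 3, "192.0.2.10", "sysadmin"),
    ("2024-05-01T10:00:03", 4625, 3, "192.0.2.10", "administrator"),
    ("2024-05-01T10:00:04", 4625, 3, "192.0.2.10", "administrator"),
    ("2024-05-01T10:00:05", 4625, 3, "192.0.2.10", "administrator"),
    ("2024-05-01T10:00:06", 4624, 3, "192.0.2.10", "administrator"),
    ("2024-05-01T10:02:00", 4625, 3, "192.0.2.20", "jsmith"),   # one typo
    ("2024-05-01T10:02:10", 4624, 3, "192.0.2.20", "jsmith"),
    ("2024-05-01T10:03:00", 4625, 2, "192.0.2.30", "kiosk"),    # interactive
]


def find_bruteforce_success(events, threshold=5, window=timedelta(minutes=5)):
    """Flag network logon successes that follow a burst of failures from one source.

    Returns (source_ip, account, failure_count) tuples. threshold and window
    are assumed tuning values, not taken from the article.
    """
    failures = defaultdict(list)  # source IP -> times of failed network logons
    hits = []
    for ts, event_id, logon_type, src, user in sorted(events):
        if logon_type != 3:
            continue  # only network logons are relevant to SMB guessing
        when = datetime.fromisoformat(ts)
        if event_id == 4625:
            failures[src].append(when)
        elif event_id == 4624:
            recent = [f for f in failures[src] if when - f <= window]
            if len(recent) >= threshold:
                hits.append((src, user, len(recent)))
                failures[src].clear()  # one alert per burst
    return hits


if __name__ == "__main__":
    for src, user, count in find_bruteforce_success(EVENTS):
        print(f"{src}: {count} failed network logons, then success as {user}")
```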
