Attacking SMB via Metasploit and PSexec

Michael Koczwara

Mar 14, 2021

Recon

simple scan

nmap -A 10.2.23.46 -vv

TIP: TTL could be handy in enumerating operating systems.

Unix: TTL 64
Windows: TTL 128
Solaris/AIX: TTL 25

Default TTL (Time To Live) Values of Different OS

TTL (Time To Live) is a timer value included in packets sent over networks that tells the recipient how long to hold or…

subinsb.com

445 port is open

nmap -p445 — script smb-protocols 10.2.23.46 -vv

Setting up Metasploit.

Setting up smb_login module.

Setting up brute force word lists and auxillary scan.

Identified list of compromised accounts.

Setting up PSexec.

Meterpreter shell.

MITRE ATT&CK

PsExec is a free Microsoft tool that can be used to execute a program on another computer. It is used by IT administrators and attackers.

PsExec

General Information Getting Started Training ATT&CKcon Working with ATT&CK FAQ Updates Versions of ATT&CK Related…

attack.mitre.org

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Penetration Testing

Ethical Hacking

Written by Michael Koczwara

Threat Researcher

No responses yet

Write a response

What are your thoughts?

Also publish to my profile

Recommended from Medium

TryHackMe — Blue | Walkthrough (THM)

Z3pH7

TryHackMe — Blue | Walkthrough (THM)

Hi everyone! This article is about exploiting misconfigurations in Windows. We’ll take advantage of these vulnerabilities. I hope you find…

Sep 4, 2024

Privilege Escalation with Task Scheduler

Jose Campo

Privilege Escalation with Task Scheduler

When it comes to privilege escalation during penetration testing, many testers immediately look for SeImpersonatePrivilege as the golden…

Nov 27, 2024

Lists

Tech & Tools

23 stories401 saves

Medium's Huge List of Publications Accepting Submissions

414 stories4624 saves

Staff picks

819 stories1638 saves

Natural Language Processing

1964 stories1607 saves

How Attackers Use LSASS to Steal AD Passwords and Hashes

Harikrishnan P

How Attackers Use LSASS to Steal AD Passwords and Hashes

What is lsass

Sep 24, 2024

Reflected XSS protected by CSP, with CSP bypass

codingbolt

Reflected XSS protected by CSP, with CSP bypass

XSS - CSP bypass

Sep 26, 2024

6 Powerful Things You Can Do with nxc [former crackmapexec]

Jose Campo

6 Powerful Things You Can Do with nxc [former crackmapexec]

Pentesting tools have come a long way, and nxc (formerly known as CrackMapExec) remains a favorite among cybersecurity professionals. Its…

Nov 13, 2024

Master C&C from Userland to Kernel Mode on Windows (Part 2: C2 over QUIC )

In

OSINT Team

by

Abdellaoui Ahmed

Master C&C from Userland to Kernel Mode on Windows (Part 2: C2 over QUIC )

Hello everybody, today i will talk about how to use QUIC protocol as command and control channel during your red team engagement.

Dec 2, 2024

See more recommendations

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams