Attacking SMB via Metasploit and PSexec

Michael Koczwara

Mar 14, 2021

--

Recon

simple scan

nmap -A 10.2.23.46 -vv

TIP: TTL could be handy in enumerating operating systems.

Unix: TTL 64
Windows: TTL 128
Solaris/AIX: TTL 25

Default TTL (Time To Live) Values of Different OS

TTL (Time To Live) is a timer value included in packets sent over networks that tells the recipient how long to hold or…

subinsb.com

445 port is open

nmap -p445 — script smb-protocols 10.2.23.46 -vv

Setting up Metasploit.

Setting up smb_login module.

Setting up brute force word lists and auxillary scan.

Identified list of compromised accounts.

Setting up PSexec.

Meterpreter shell.

MITRE ATT&CK

PsExec is a free Microsoft tool that can be used to execute a program on another computer. It is used by IT administrators and attackers.

PsExec

General Information Getting Started Training ATT&CKcon Working with ATT&CK FAQ Updates Versions of ATT&CK Related…

attack.mitre.org

Penetration Testing

Ethical Hacking

Michael Koczwara

Written by Michael Koczwara

Threat Researcher

Help
Status
About
Careers
Blog
Privacy
Terms
Text to speech
Teams