Attacking SMB via Metasploit and PSexec

--

Recon

simple scan

nmap -A 10.2.23.46 -vv

TIP: TTL could be handy in enumerating operating systems.

Unix: TTL 64
Windows: TTL 128
Solaris/AIX: TTL 25

445 port is open

nmap -p445 — script smb-protocols 10.2.23.46 -vv

Setting up Metasploit.

Setting up smb_login module.

Setting up brute force word lists and auxillary scan.

Identified list of compromised accounts.

Setting up PSexec.

Meterpreter shell.

MITRE ATT&CK

PsExec is a free Microsoft tool that can be used to execute a program on another computer. It is used by IT administrators and attackers.

--

--