Attacking SMB via Metasploit and PSexec


Simple scan.

nmap -A -vv

TIP: TTL could be handy in enumerating operating systems.

Unix: TTL 64
Windows: TTL 128
Solaris/AIX: TTL 25

Port 445 is open.

nmap -p445 --script smb-protocols -vv

Setting up Metasploit.

Setting up smb_login module.

Setting up brute force word lists and auxiliary scan.

Identified list of compromised accounts.

Setting up PSexec.

Meterpreter shell.


PsExec is a free Microsoft tool that can be used to execute a program on another computer. It is used by IT administrators and attackers.
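
On the defending side, the sequence walked through above (smb_login brute force, then PsExec) leaves a recognisable trail in Windows logs: failed network logons (event 4625), a successful one (4624), then a service install (7045). The following Python is an added example, not part of the original post; the event records, field names, IP addresses and thresholds are constructed for illustration.

```python
# Added example: correlate SMB brute force (4625), a following success (4624)
# and a service install (7045), the trail left by smb_login followed by PsExec.
from collections import defaultdict

FAIL, OK, SVC_INSTALL = 4625, 4624, 7045   # Windows event IDs
NETWORK_LOGON = 3                          # logon type recorded for SMB logons

# Constructed sample events (not from the original page); "t" is seconds.
EVENTS = (
    [{"t": i, "id": FAIL, "type": 3, "src": "10.0.0.50", "user": "admin"}
     for i in range(1, 9)]
    + [
        {"t": 9, "id": OK, "type": 3, "src": "10.0.0.50", "user": "admin"},
        {"t": 11, "id": SVC_INSTALL, "service": "PSEXESVC"},
        {"t": 40, "id": FAIL, "type": 3, "src": "10.0.0.7", "user": "bob"},
        {"t": 45, "id": OK, "type": 3, "src": "10.0.0.7", "user": "bob"},
    ]
)

def detect(events, min_failures=5, window=60):
    """Return findings: sources with >= min_failures failed network logons
    inside `window` seconds before a success, plus any service installed
    within `window` seconds after that success (time correlation is an
    assumption of this example; 7045 carries no source address)."""
    failures = defaultdict(list)   # src -> timestamps of failed logons
    findings = []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["id"] == FAIL and ev.get("type") == NETWORK_LOGON:
            failures[ev["src"]].append(ev["t"])
        elif ev["id"] == OK and ev.get("type") == NETWORK_LOGON:
            recent = [t for t in failures[ev["src"]] if ev["t"] - t <= window]
            if len(recent) >= min_failures:
                findings.append({"src": ev["src"], "user": ev["user"],
                                 "failures": len(recent), "t": ev["t"],
                                 "services": []})
        elif ev["id"] == SVC_INSTALL:
            for f in findings:
                if 0 <= ev["t"] - f["t"] <= window:
                    f["services"].append(ev["service"])
    return findings

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

The check keys on the service-install event rather than the service name, since the name is under the control of whoever runs the tool; a single mistyped password followed by a success (10.0.0.7 in the sample) is not flagged.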