Thursday 10 October 2019

OSCP - Enumeration SMB


SMB - Server Message Block - Port 445


Enumeration:

Vulnerability scan

nmap -p 445 -vv --script=smb-vuln-cve2009-3103.nse,smb-vuln-ms06-025.nse,smb-vuln-ms07-029.nse,smb-vuln-ms08-067.nse,smb-vuln-ms10-054.nse,smb-vuln-ms10-061.nse,smb-vuln-ms17-010.nse 10.10.10.10

Users & Shares scan

nmap -p 445 -vv --script=smb-enum-shares.nse,smb-enum-users.nse 10.10.10.10

Enum4linux

enum4linux -a 10.10.10.10

Null connect

rpcclient -U "" 10.10.10.10

To connect to SMB

smbclient //MOUNT/share
smbclient -L <ip>

Wireshark - Analyze the captured packets for the SMB version and other information
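
What the Wireshark step reads off the wire, as an added example that is not part of the original post: a parser that takes one TCP/445 payload and reports the SMB family, the negotiated dialect and whether the server requires signing. It assumes each payload holds one complete SMB message behind the 4-byte direct-TCP header; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Dialect revisions carried in an SMB2 NEGOTIATE response (MS-SMB2).
DIALECTS = {0x0202: "SMB 2.0.2", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
            0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1", 0x02FF: "SMB 2.x wildcard"}

def classify_smb(payload: bytes) -> dict:
    """Classify one TCP/445 payload: 4-byte transport header + one SMB message."""
    if len(payload) < 8 or payload[0] != 0x00:
        raise ValueError("not a direct-TCP SMB session message")
    length = int.from_bytes(payload[1:4], "big")
    msg = payload[4:4 + length]
    if len(msg) < length or len(msg) < 5:
        raise ValueError("truncated message (TCP reassembly needed)")
    magic = msg[:4]
    if magic == b"\xffSMB":                  # SMB1: 1-byte command at offset 4
        return {"family": "SMB1", "negotiate": msg[4] == 0x72}
    if magic == b"\xfdSMB":                  # SMB3 transform header: encrypted
        return {"family": "SMB3", "encrypted": True}
    if magic != b"\xfeSMB" or len(msg) < 64:
        raise ValueError("unrecognised or short SMB header")
    command, = struct.unpack_from("<H", msg, 12)   # 0x0000 = NEGOTIATE
    flags, = struct.unpack_from("<I", msg, 16)     # bit 0 set = server response
    info = {"family": "SMB2/3", "command": command, "is_response": bool(flags & 1)}
    if command == 0 and info["is_response"] and len(msg) >= 70:
        _size, sec_mode, dialect = struct.unpack_from("<HHH", msg, 64)
        info["dialect"] = DIALECTS.get(dialect, hex(dialect))
        info["signing_required"] = bool(sec_mode & 0x0002)
    return info

def frame(msg: bytes) -> bytes:
    """Prepend the direct-TCP header: a zero byte and a 3-byte big-endian length."""
    return b"\x00" + len(msg).to_bytes(3, "big") + msg

def sample_negotiate_response(dialect: int, sec_mode: int) -> bytes:
    """Constructed sample: 64-byte SMB2 header + zero-padded negotiate body."""
    hdr = struct.pack("<4sHHIHHIIQIIQ16s", b"\xfeSMB", 64, 0, 0, 0, 1, 1,
                      0, 0, 0, 0, 0, b"\x00" * 16)
    body = struct.pack("<HHH", 65, sec_mode, dialect) + b"\x00" * 58
    return frame(hdr + body)

SAMPLE_SMB1 = frame(b"\xffSMB\x72" + b"\x00" * 27)   # constructed SMB1 negotiate

if __name__ == "__main__":
    print(classify_smb(sample_negotiate_response(0x0311, 0x0001)))
    print(classify_smb(sample_negotiate_response(0x0210, 0x0003)))
    print(classify_smb(SAMPLE_SMB1))
```

An SMB1 result or a response with signing_required set to False is the finding to record for hardening.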



Exploitation:


1) Default password check while connecting to SMB
admin/admin, administrator/administrator, test/test, user/user, etc.


2) Common Exploits


MS08-067 (Windows) - https://www.exploit-db.com/exploits/40279/
Samba 2.2.7a (Linux) - https://www.exploit-db.com/exploits/10/
EternalBlue (Windows) - https://www.exploit-db.com/exploits/42315