Tier I

SMB / Samba


SMB (Server Message Block) is a network sharing protocol that allows file sharing between two computers on the same LAN or between some devices (for example a computer and a printer).

SMB uses TCP port 445.

On Linux, the SMB implementation is called Samba.


List Shares on SMB


Once you have a valid username and password, you can list the shares available to that SMB user.

List all the shares available to the target user:
smbclient -L \\\\target-ip\\ -U target-user

When prompted, enter the password you obtained earlier.

You can then access a specific share:
smbclient \\\\target-ip\\share-target -U target-user

Exploit


Psexec - Exploit


Run PsExec from another terminal, passing the username you found and the command you want to run (for example cmd.exe to get a remote shell):
psexec.py target-username@target-ip command


Relay Attack


SMB relay is a type of attack in which an SMB authentication exchange is intercepted and redirected to a legitimate server in order to obtain unauthorized access to the target.

  • Interception: the attacker gets into the traffic path with man-in-the-middle techniques such as ARP spoofing or DNS poisoning, or by setting up a rogue SMB server
  • Capturing authentication: when a client logs in over SMB, the attacker captures the authentication exchange
  • Relaying to a legitimate server: the attacker redirects the captured authentication to a legitimate server instead of the target server
  • Gaining access: the attacker can now access the SMB service

  • You can exploit it with Metasploit
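
Relaying only works when the receiving server accepts unsigned sessions, so the defensive check on a Samba host is whether SMB signing is enforced. The following is an added example, not part of the original page: it audits the [global] section of an smb.conf for the `server signing` and `client signing` parameters. The sample configurations are constructed and the function names are hypothetical; `include` files and line continuations are not followed.

```python
import re

# Constructed sample smb.conf contents (not taken from the original page).
SAMPLE_WEAK = """\
[global]
   workgroup = EXAMPLE
   Server Signing = auto
   ; client signing = mandatory   (commented out, so not in effect)
[public]
   path = /srv/public
"""
SAMPLE_HARDENED = """\
[global]
   workgroup = EXAMPLE
   server signing = mandatory
   client signing = mandatory
"""

# Values treated here as "signing is enforced"; anything else is reported.
ENFORCING = {"mandatory", "required"}
CHECKED = ("serversigning", "clientsigning")

def global_params(text):
    """Return [global] parameters, with names normalised the way Samba reads them."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:                                 # section header
            section = m.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)  # only the first '=' is significant
            # smb.conf ignores case and whitespace inside parameter names
            params[re.sub(r"\s+", "", name).lower()] = value.strip().lower()
    return params

def signing_findings(text):
    """List (parameter, value) pairs that do not force SMB signing."""
    params = global_params(text)
    # An unset parameter falls back to Samba's built-in default: report it for review.
    return [(k, params.get(k, "<unset>")) for k in CHECKED
            if params.get(k, "<unset>") not in ENFORCING]

if __name__ == "__main__":
    for label, conf in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, signing_findings(conf) or "signing enforced")
```

On a live host, `testparm -s` prints the effective configuration, which can be fed to the same check.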