diff --git a/Enumeration/SMB.md b/Enumeration/SMB.md index 5937bb2..9504987 100644 --- a/Enumeration/SMB.md +++ b/Enumeration/SMB.md @@ -1,5 +1,7 @@ # SMB +Start your enumeration with [enum4linux](https://github.com/CiscoCXSecurity/enum4linux.git) or alternative tools to get possible usernames and groups. + ## SMBClient * Use `smbclient` to list the share @@ -27,11 +29,13 @@ smbmap -u "admin" -p "password" -H "10.10.10.10" -x 'ipconfig' ## Enumerate Domain Users List users of the domain through leaked credentials of an SMB user + ```sh crackmapexec smb example.com -u lowperm_user -p 'securepassword!' --users ``` Continue trying the found password on the users discovered in the step before + ```sh crackmapexec smb example.com -u domain_users.txt -p 'securepassword!' --continue-on-success ``` @@ -39,6 +43,16 @@ crackmapexec smb example.com -u domain_users.txt -p 'securepassword!' --continue ## Enumerate Writeable SMB shares List writeable SMB shares for found domain users via impacket's psexec + ```sh psexec.py example.com/domain.user@example.com ``` + +## Download Directories + +Single files can be downloaded by any client like smbclient via `get`. +Directories can be downloaded via + +```sh +smbget -R smb://$TARGET_IP/directory +``` diff --git a/Enumeration/Websites.md b/Enumeration/Websites.md index 34c3506..2903759 100644 --- a/Enumeration/Websites.md +++ b/Enumeration/Websites.md @@ -60,7 +60,7 @@ Fuzz HTTP POST values in the following way ffuf -u http:// -c -w /usr/share/seclists/Passwords/Leaked-Databases/hak5.txt -X POST -d 'uname=Dummy&passwd=FUZZ&submit=Submit' -fs 1435 -H 'Content-Type: application/x-www-form-urlencoded' ``` -#### Fuzz Users and use Bruteforce +#### Fuzz Users and Use Bruteforce Fuzz users and write the results to a file as output 
@@ -91,6 +91,14 @@ ffuf -u http://test.com -c -w /usr/share/seclists/Discovery/DNS/subdomains-top1m #### Proxy * `-replay-proxy ` or `-x ` + +#### FUZZ Saved Request + +A stored request can be fuzzed using ffuf, remember to set the parameter value you want to fuzz to `FUZZ` inside the file. + +```sh +ffuf -request req.txt -w pin.txt -fs 89 -t 70 > output +``` ### Gobuster
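Review bot: the new "Start your enumeration with enum4linux" line in the first SMB.md hunk is the only step in this file given without a command, while every other step has a fenced `sh` block; add one, e.g. `enum4linux -a $TARGET_IP` (`-a` runs all the simple enumeration checks), so the reader can see which output the later `crackmapexec --users` step is meant to build on. The link points at the `.git` clone URL; the repository page URL without `.git` reads better in rendered markdown.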
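Review bot: in the third SMB.md hunk the heading "Enumerate Writeable SMB shares" and the text "List writeable SMB shares ... via impacket's psexec" do not match what `psexec.py example.com/domain.user@example.com` does: it searches for a writable share in order to upload a service binary and start a service, so it is a code-execution step, not a listing, and it leaves service-creation events on the host. For a pure listing, point at the tools the file already uses, e.g. `smbmap -u "user" -p "password" -H "10.10.10.10"` or `crackmapexec smb example.com -u user -p 'pass' --shares`, and move the psexec line to a section named for what it does. In the new "Download Directories" section, `smbget -R smb://$TARGET_IP/directory` passes no credentials; add `-U domain/user` (smbget prompts for the password) so it works against the authenticated shares the rest of the file assumes, and mention that `$TARGET_IP` is the reader's variable.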
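Review bot: the heading "#### FUZZ Saved Request" in the second Websites.md hunk is inconsistent with the title-case normalization this same patch applies to "#### Fuzz Users and Use Bruteforce"; rename it "#### Fuzz Saved Request". The command `ffuf -request req.txt -w pin.txt -fs 89 -t 70 > output` needs two notes: ffuf sends a raw request over HTTPS by default, so add `-request-proto http` when the captured request was plain HTTP, and `-fs 89` is a size filter that only makes sense for one target, so say it was obtained from a first run without `-fs` and must be re-measured. Prefer ffuf's own `-o output -of json` over shell redirection, which otherwise captures the progress display together with the results.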