This commit is contained in:
gurkenhabicht 2023-08-31 01:33:59 +02:00
parent ef401ad5ed
commit 95f4adecab
2 changed files with 23 additions and 1 deletions

View File

@ -1,5 +1,7 @@
# SMB
Start your enumeration with [enum4linux](https://github.com/CiscoCXSecurity/enum4linux.git) or alternative tools to get possible usernames and groups.
## SMBClient
* Use `smbclient` to list the share
@ -27,11 +29,13 @@ smbmap -u "admin" -p "password" -H "10.10.10.10" -x 'ipconfig'
## Enumerate Domain Users
List users of the domain through leaked credentials of an SMB user
```sh
crackmapexec smb example.com -u lowperm_user -p 'securepassword!' --users
```
Continue trying the found password on the users discovered in the step before
```sh
crackmapexec smb example.com -u domain_users.txt -p 'securepassword!' --continue-on-success
```
@ -39,6 +43,16 @@ crackmapexec smb example.com -u domain_users.txt -p 'securepassword!' --continue
## Enumerate Writeable SMB shares
List writeable SMB shares for found domain users via impacket's psexec
```sh
psexec.py example.com/domain.user@example.com
```
## Download Directories
Single files can be downloaded by any client like smbclient via `get`.
Directories can be downloaded via
```sh
smbget -R smb://$TARGET_IP/directory
```

View File

@ -60,7 +60,7 @@ Fuzz HTTP POST values in the following way
ffuf -u http://<IP> -c -w /usr/share/seclists/Passwords/Leaked-Databases/hak5.txt -X POST -d 'uname=Dummy&passwd=FUZZ&submit=Submit' -fs 1435 -H 'Content-Type: application/x-www-form-urlencoded'
```
#### Fuzz Users and use Bruteforce
#### Fuzz Users and Use Bruteforce
Fuzz users and write the results to a file as output
@ -92,6 +92,14 @@ ffuf -u http://test.com -c -w /usr/share/seclists/Discovery/DNS/subdomains-top1m
* `-replay-proxy <IP>` or `-x <ProxyIP>`
#### FUZZ Saved Request
A stored request can be fuzzed using ffuf, remember to set the parameter value you want to fuzz to `FUZZ` inside the file.
```sh
ffuf -request req.txt -w pin.txt -fs 89 -t 70 > output
```
### Gobuster
[Repo](https://github.com/OJ/gobuster.git)