bump
This commit is contained in:
parent
ef401ad5ed
commit
95f4adecab
|
@ -1,5 +1,7 @@
|
|||
# SMB
|
||||
|
||||
Start your enumeration with [enum4linux](https://github.com/CiscoCXSecurity/enum4linux.git) or alternative tools to get possible usernames and groups.
|
||||
|
||||
## SMBClient
|
||||
|
||||
* Use `smbclient` to list the share
|
||||
|
@ -27,11 +29,13 @@ smbmap -u "admin" -p "password" -H "10.10.10.10" -x 'ipconfig'
|
|||
## Enumerate Domain Users
|
||||
|
||||
List users of the domain through leaked credentials of an SMB user
|
||||
|
||||
```sh
|
||||
crackmapexec smb example.com -u lowperm_user -p 'securepassword!' --users
|
||||
```
|
||||
|
||||
Continue trying the found password on the users discovered in the step before
|
||||
|
||||
```sh
|
||||
crackmapexec smb example.com -u domain_users.txt -p 'securepassword!' --continue-on-success
|
||||
```
|
||||
|
@ -39,6 +43,16 @@ crackmapexec smb example.com -u domain_users.txt -p 'securepassword!' --continue
|
|||
## Enumerate Writeable SMB shares
|
||||
|
||||
List writeable SMB shares for found domain users via impacket's psexec
|
||||
|
||||
```sh
|
||||
psexec.py example.com/domain.user@example.com
|
||||
```
|
||||
|
||||
## Download Directories
|
||||
|
||||
Single files can be downloaded by any client like smbclient via `get`.
|
||||
Directories can be downloaded via
|
||||
|
||||
```sh
|
||||
smbget -R smb://$TARGET_IP/directory
|
||||
```
|
||||
|
|
|
@ -60,7 +60,7 @@ Fuzz HTTP POST values in the following way
|
|||
ffuf -u http://<IP> -c -w /usr/share/seclists/Passwords/Leaked-Databases/hak5.txt -X POST -d 'uname=Dummy&passwd=FUZZ&submit=Submit' -fs 1435 -H 'Content-Type: application/x-www-form-urlencoded'
|
||||
```
|
||||
|
||||
#### Fuzz Users and use Bruteforce
|
||||
#### Fuzz Users and Use Bruteforce
|
||||
|
||||
Fuzz users and write the results to a file as output
|
||||
|
||||
|
@ -92,6 +92,14 @@ ffuf -u http://test.com -c -w /usr/share/seclists/Discovery/DNS/subdomains-top1m
|
|||
|
||||
* `-replay-proxy <IP>` or `-x <ProxyIP>`
|
||||
|
||||
#### FUZZ Saved Request
|
||||
|
||||
A stored request can be fuzzed using ffuf, remember to set the parameter value you want to fuzz to `FUZZ` inside the file.
|
||||
|
||||
```sh
|
||||
ffuf -request req.txt -w pin.txt -fs 89 -t 70 > output
|
||||
```
|
||||
|
||||
### Gobuster
|
||||
|
||||
[Repo](https://github.com/OJ/gobuster.git)
|
||||
|
|
Loading…
Reference in New Issue