Merge pull request #749 from noraj/patch-1
pentesting-smb: add From Windows / no third-party tools
This commit is contained in:
commit
4704e7d368
@ -136,8 +136,8 @@ rpcclient -U "username%passwd" <IP> #With creds
### Enumerate Users, Groups & Logged On Users
This info should already being gathered from enum4linux and enum4linux-ng
# This info should already being gathered from enum4linux and enum4linux-ng
```bash
crackmapexec smb 10.10.10.10 --users [-u <username> -p <password>]
crackmapexec smb 10.10.10.10 --groups [-u <username> -p <password>]
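Review bot: the comment moved into the bash fence carries over the grammatical error of the prose line it replaces; `# This info should already being gathered from enum4linux and enum4linux-ng` should read `# This info should already have been gathered from enum4linux and enum4linux-ng`.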
@ -151,16 +151,19 @@ enumdomgroups
```
### Enumerate local users
[Impacket](https://github.com/fortra/impacket/blob/master/examples/lookupsid.py)
```bash
lookupsid.py -no-pass hostname.local
```
Oneliner
```bash
for i in $(seq 500 1100);do rpcclient -N -U "" 10.10.10.10 -c "queryuser 0x$(printf '%x\n' $i)" | grep "User Name\|user_rid\|group_rid" && echo "";done
```
### Metasploit - Enumerate local users
```bash
use auxiliary/scanner/smb/smb_lookupsid
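Review bot: the Impacket line `lookupsid.py -no-pass hostname.local` is inconsistent with the rest of the section, which uses the `10.10.10.10` placeholder and shows the credentialed variant (`[-u <username> -p <password>]`) next to the anonymous one; consider using the same placeholder here and adding one sentence on what `lookupsid.py` does (it resolves RIDs through LSA/SAMR, so it is not limited to local accounts despite the `### Enumerate local users` heading) so the reader knows how it relates to the rpcclient `queryuser` loop below it.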
@ -268,6 +271,40 @@ smbclient -U '%' -N \\\\192.168.0.24\\im_clearly_not_here # returns NT_STATUS_BA
smbclient -U '%' -N \\\\192.168.0.24\\ADMIN$ # returns NT_STATUS_ACCESS_DENIED or even gives you a session
```
### **Enumerate shares from Windows / without third-party tools**
PowerShell
```powershell
# Retrieves the SMB shares on the locale computer.
Get-SmbShare
Get-WmiObject -Class Win32_Share
# Retrieves the SMB shares on a remote computer.
get-smbshare -CimSession "<computer name or session object>"
# Retrieves the connections established from the local SMB client to the SMB servers.
Get-SmbConnection
```
CMD console
```shell
# List shares on the local computer
net share
# List shares on a remote computer (including hidden ones)
net view \\<ip> /all
```
MMC Snap-in (graphical)
```shell
# Shared Folders: Shared Folders > Shares
fsmgmt.msc
# Computer Management: Computer Management > System Tools > Shared Folders > Shares
compmgmt.msc
```
explorer.exe (graphical), enter `\\<ip>\` to see the available non-hidden shares.
### Mount a shared folder
```bash
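Review bot: the new PowerShell block has a typo (`# Retrieves the SMB shares on the locale computer.` should say `local`), mixes the casing `Get-SmbShare` and `get-smbshare`, and relies on `Get-WmiObject -Class Win32_Share`, which no longer exists in PowerShell 7+; suggest `Get-CimInstance -ClassName Win32_Share` so the block works on both Windows PowerShell and PowerShell 7. The `-CimSession` form also needs WinRM/CIM access and suitable rights on the remote host, which is worth one sentence since the heading promises "without third-party tools" rather than "without extra privileges". The two blocks fenced as `shell` hold cmd commands (`net share`, `net view \\<ip> /all`) and MMC snap-in names (`fsmgmt.msc`, `compmgmt.msc`) annotated with `#` comments, which cmd does not accept; fence them as `cmd` (or `batch`) and use `REM` or `::` for the comments, or move the explanations into the prose line above each block.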