Genius = https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/
IP address: 10.10.10.3
Recon
nmap -v -sU -sS -p- -A -T4 target
Port 445/tcp: used for direct TCP/IP MS Networking access without the need for the NetBIOS layer. SMB (Server Message Block) is used, among other things, for file sharing. Windows 2K/XP use it to run SMB directly over TCP/IP without the extra NetBT layer. https://www.speedguide.net/port.php?port=445
Port 139: SMB (NetBIOS Session Service)
SMB enumeration is failing
nmap -p 445 -A 10.10.10.3
nmap -p 445 --script "smb-vuln-*" 10.10.10.3
smbmap -H 10.10.10.3
smbmap -H 10.10.10.3
[+] Finding open SMB ports.
[+] User SMB session establishd on 10.10.10.3..
[+] IP: 10.10.10.3:445 Name: 10.10.10.3
Disk        Permissions
print$      NO ACCESS
tmp         READ, WRITE
opt         NO ACCESS
IPC$        NO ACCESS
ADMIN$      NO ACCESS
(screenshot: https://cramhack.files.wordpress.com/2019/11/lame1.png)
smbclient -L //10.10.10.3

Now that we have the Samba version, we can look up the critical vulnerabilities present on this system.
Port 21: ftp
Anonymous login is enabled, but no files are present.
Port 22: SSH
Exploit
Easy Way
https://www.rapid7.com/db/modules/exploit/multi/samba/usermap_script
Real Way
https://linxz.co.uk/vulnerabilities/2018/11/14/Samba-username-map-script.html
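As an added defender-side example (not part of the original write-up), a small smb.conf audit that flags the two conditions this box surfaces: a share that anonymous/guest users can write to (like tmp above) and the global "username map script" directive that the linked Samba issue abuses. The sample configuration and its share names are constructed for the example, not taken from the target.

```python
import re
from typing import Dict, List

# Constructed sample smb.conf for this example; "tmp" is guest-writable like the
# enumerated share, and the global section carries "username map script".
SAMPLE_SMB_CONF = """
[global]
   workgroup = WORKGROUP
   security = user
   map to guest = bad user
   username map script = /etc/samba/scripts/mapusers.sh

[print$]
   path = /var/lib/samba/printers
   read only = yes

[tmp]
   path = /tmp
   read only = no
   guest ok = yes

[opt]
   path = /opt
   writable = yes
"""

TRUE_VALUES = {"yes", "true", "1"}

def parse_smb_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the INI-like smb.conf into {section: {key: value}}; keys are lowercased
    with whitespace collapsed so synonyms like 'read only' compare cleanly."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).strip().lower()
            sections[current] = {}
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        sections[current][" ".join(key.lower().split())] = value.strip()
    return sections

def is_true(section: Dict[str, str], *keys: str) -> bool:
    return any(section.get(k, "").lower() in TRUE_VALUES for k in keys)

def audit_smb_conf(text: str) -> List[str]:
    """Report the 'username map script' directive and any guest-writable share."""
    conf = parse_smb_conf(text)
    findings: List[str] = []
    if "username map script" in conf.get("global", {}):
        findings.append("global: 'username map script' is set; remove it")
    for name, share in conf.items():
        if name == "global":
            continue
        ro = share.get("read only")  # Samba default is read only = yes
        writable = is_true(share, "writable", "writeable", "write ok") or (
            ro is not None and ro.lower() not in TRUE_VALUES)
        if writable and is_true(share, "guest ok", "public"):
            findings.append(f"{name}: writable by guests (path {share.get('path', '?')})")
    return findings
```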