445 - SMB
Check for null sessions
WinScanX - Windows tool: https://packetstormsecurity.com/files/84199/WinScanX-Password-Utility.html
Connecting to SMB Shares
List SMB shares
Connect to SMB share
rpcclient -U "" -N [ip]
enum4linux -a <ip>
Using psexec from Impacket
MultiRelay.py
For SMB relay to be possible, you must turn off SMB and HTTP in the Responder config file (you can change them back when you have finished).
Set responder.conf to:
Then run Responder:
Then run the following in another terminal session
Inveigh Relay
Session attack requires SMB tools from Invoke-TheHash
Create an SMB Share
Scan for common vulns
nmap --script "smb-vuln*" -p 139,445 <ip>