Jan 09, 2013 - 3:02 a.m.

[smbexec] A rapid psexec style attack with samba tools

www.kitploit.com

************************************************************
         smbexec
 A rapid psexec style attack with samba tools
      Original Concept and Script by PureHate & Brav0Hax
              Codename - Diamond in the Rough
             Gonna pha-q up - PurpleTeam Smash!
************************************************************

Written because we got sick of Metasploit PSExec getting popped

Special thanks to Carnal0wnage whose blog inspired us to go this route.
<http://carnal0wnage.attackresearch.com/2012/01/psexec-fail-upload-and-exec-instead.html>

v1.2.0 - 11/30/2012
FIXED - Script now checks to ensure exe's are compiled before running. Alerts user to use installer to compile.
UPDATE - Added drive and path variables to ntds hash grab function. (No longer hardcoded to C:\Windows\NTDS or C:\Windows\Temp)
UPDATE - Checks for available disk space before copying ntds.dit and sys files to the path provided
UPDATE - Deletes the volume shadow copy created by the ntds hash grab function

v1.1.1 - 11/11/2012
FIXED - Sometimes the IP validation fails even though it is a proper IP address
UPDATE - Installer updated with Samba-3.6.9 source
UPDATE - libesedb project moved to Google Code, installer updated with proper path  

Includes
- smbexec.sh
- installer.sh
- patches to compile binaries
- source for samba-3.6.9 and winexe-1.00

Just run the installer and you should be good to go! If not, email [email protected]
- Run option #1 to compile binaries before you do anything!
*** If there are no binaries...the program will not work***
Sounds simple enough


Credit where credit is due:
* smbclient & winexe Hash Passing patch - JoMo-kun -> [http://www.foofus.net/~jmk/passhash.html](<http://www.foofus.net/%7Ejmk/passhash.html>)
 - Patch updated for Samba 3.6.6 by exfil (Emilio Escobar)
* vanish.sh - Original concept Astr0baby, stable version edits Vanish3r -> <http://www.securitylabs.in/2011/12/easy-bypass-av-and-firewall.html>
* [www.samba.org](<https://www.samba.org/>)
* winexe - ahajda -> <http://sourceforge.net/users/ahajda>
* Metasploit - [www.metasploit.com](<http://www.metasploit.com/>) (Thank you HD and team!)
* Nmap - nmap.org (Thank you Fyodor!)
* Creddump - Brendan Dolan-Gavitt - [http://code.google.com/p/creddump/](<https://code.google.com/p/creddump/>)
* NTDSXtract - Csaba Barta - <http://www.ntdsxtract.com/>
* libesedb - Joachim Metz - [http://libesedb.googlecode.com/](<https://libesedb.googlecode.com/>)





**[Download smbexec](<https://github.com/brav0hax/smbexec>)**
