|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Samba hacking ?
From: Frederic Charpentier (fcharpen
xmcopartners.com)
Date: Fri Apr 01 2005 - 05:12:10 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Bones,
Concerning samba enumeration, you can use samba-tng to get more than
share names.
(with $rpc = samba-tng's smbclient, maybe it works with normal samba now)
$rpc -S $ipaddress -c 'wksinfo' -N
$rpc -S $ipaddress -c 'enumdomains' -N
$rpc -S $ipaddress -c 'lsaquery' -N
$rpc -S $ipaddress -c 'lsaenumsid' -N
$rpc -S $ipaddress -c 'enumgroups' -N
$rpc -S $ipaddress -c 'enumusers' -N
$rpc -S $ipaddress -c 'srvshares' -N
then, for each user found :
$rpc -S $ipaddress -c 'samuser $user -u' -N
GFI languard enumerates lot of information as well, on a windows platform.
Brute forcing user/pwd is a good idea (with hydra) and bruteforcing
share name is also possible with handmade script.
Fred.
Bones wrote:
> All-
>
> Got tools galore for banging away on Windows-based SMB shares, but am
> currently working on a PT where the client has a number of unprotected
> (TCP 139, et al.) shares identified by nmap and Nessus as "Samba".
> Haven't really spent that much time with Samba before.
>
> I can cover the basics, such as null connections, and the old enum.exe
> tool from Razor seems to enumerate users and shares to a degree. Most
> other Win32 tools just crap out.
>
> Just wondering if there are any Samba-specific tools out there that I
> can get my hands on.
>
> Recommendations?
>
--
_______________________________________
Frederic Charpentier - Xmco Partners
Security Consulting / Pentest
web : http://www.xmcopartners.com
Bones wrote:
> All-
>
> Got tools galore for banging away on Windows-based SMB shares, but am
> currently working on a PT where the client has a number of unprotected
> (TCP 139, et al.) shares identified by nmap and Nessus as "Samba".
> Haven't really spent that much time with Samba before.
>
> I can cover the basics, such as null connections, and the old enum.exe
> tool from Razor seems to enumerate users and shares to a degree. Most
> other Win32 tools just crap out.
>
> Just wondering if there are any Samba-specific tools out there that I
> can get my hands on.
>
> Recommendations?
>
--
_______________________________________
Frederic Charpentier - Xmco Partners
Security Consulting / Pentest
web : http://www.xmcopartners.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]