Windows: SMB Server SMBExec

Overview

A Kali GUI machine and a target machine running a vulnerable SMB service are provided to you. The IP address of the target machine is provided in a text file named target placed on the Desktop of the Kali machine (/root/Desktop/target).

Your task is to fingerprint the SMB service using the tools available on the Kali machine and then use SMBExec tool to perform a post-exploitation on the SMB service. The SMBExec tool is useful to execute the commands without transferring any binary on the target server. It works with the SMB shares as well as without shares by running a local SMB server.

Objective: Exploit the SMB service to get a meterpreter on the target and retrieve the flag!

Instructions:

• Your Kali machine has an interface with IP address 10.10.X.Y. Run “ip addr” to know the values of X and Y.

• The IP address of the target machine is mentioned in the file “/root/Desktop/target”

• Do not attack the gateway located at IP address 192.V.W.1 and 10.10.X.1

• Dictionaries to use:

• /usr/share/metasploit-framework/data/wordlists/common_users.txt

• /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt

Solutions

The solution for this lab can be found in the following manual: https://assets.ine.com/labs/ad-manuals/walkthrough-1960.pdf