Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
154
/usr/share/nmap/scripts/smb2-time.nse
/usr/share/nmap/scripts/smb2-vuln-uptime.nse
/usr/share/nmap/scripts/smb-brute.nse
/usr/share/nmap/scripts/smb-double-pulsar-backdoor.nse
/usr/share/nmap/scripts/smb-enum-domains.nse
/usr/share/nmap/scripts/smb-enum-groups.nse
/usr/share/nmap/scripts/smb-enum-processes.nse
/usr/share/nmap/scripts/smb-enum-sessions.nse
/usr/share/nmap/scripts/smb-enum-shares.nse
/usr/share/nmap/scripts/smb-enum-users.nse
/usr/share/nmap/scripts/smb-os-discovery.nse
...
Listing 75 - Finding various nmap SMB NSE scripts
We’ve located several interesting Nmap SMB NSE scripts that perform various tasks such as OS discovery and enumeration via SMB.
The SMB discovery script works only if SMBv1 is enabled on the target, which is not the default case on modern versions of Windows. However, plenty of legacy systems are still running SMBv1, and we have enabled this specific version on the Windows host to simulate such a scenario.
Let’s try the smb-os-discovery module on the Windows 11 client.
kali@kali:~$ nmap -v -p 139,445 --script smb-os-discovery 192.168.50.152
...
PORT    STATE SERVICE      REASON
139/tcp open  netbios-ssn  syn-ack
445/tcp open  microsoft-ds syn-ack
Host script results:
| smb-os-discovery:
| OS: Windows 10 Pro 22000 (Windows 10 Pro 6.3)
| OS CPE: cpe:/o:microsoft:windows_10::-
| Computer name: client01
| NetBIOS computer name: CLIENT01\x00
| Domain name: megacorptwo.com
| Forest name: megacorptwo.com
| FQDN: client01.megacorptwo.com
|_ System time: 2022-03-17T11:54:20-07:00
...
Listing 76 - Using the nmap scripting engine to perform OS discovery
This particular script identified a potential match for the host operating system; however, we know it’s inaccurate as the target host is running Windows 11 instead of the reported Windows 10.
As mentioned earlier, any Nmap service and OS enumeration output should be taken with a grain of salt, as none of the algorithms are perfect. Unlike Nmap’s OS fingerprinting options we explored earlier, OS enumeration via NSE scripting provides extra information, such as the domain and other details related to Active Directory Domain Services.
This approach will also likely go unnoticed, as it produces less traffic that can also blend into normal enterprise network activity.
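As an added example that is not part of the course material, the following Python parses the Host script results block shown in Listing 76 into a dictionary, strips the trailing "\x00" NetBIOS padding, and uses the build number in the OS string (22000 is the first Windows 11 build) to correct the "Windows 10" label the script reports. The sample text is constructed from the listing above.

```python
import re

# Constructed sample: the Host script results block printed by
# `nmap --script smb-os-discovery`, mirroring Listing 76.
SAMPLE = """\
Host script results:
| smb-os-discovery:
|   OS: Windows 10 Pro 22000 (Windows 10 Pro 6.3)
|   OS CPE: cpe:/o:microsoft:windows_10::-
|   Computer name: client01
|   NetBIOS computer name: CLIENT01\\x00
|   Domain name: megacorptwo.com
|   Forest name: megacorptwo.com
|   FQDN: client01.megacorptwo.com
|_  System time: 2022-03-17T11:54:20-07:00
"""

# One "|   Key: value" line of NSE output; "|_" marks the last line.
LINE = re.compile(r"^\|_?\s+([^:]+):\s*(.*)$")


def parse_smb_os_discovery(text):
    """Return the key/value pairs of one smb-os-discovery block as a dict."""
    fields = {}
    inside = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("| smb-os-discovery:"):
            inside = True
            continue
        if not inside:
            continue
        m = LINE.match(line)
        if not m:
            break
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "NetBIOS computer name":
            # NSE prints the 16th NetBIOS name byte literally as "\x00".
            value = value.replace("\\x00", "").rstrip("\x00")
        fields[key] = value
        if line.startswith("|_"):
            break
    return fields


def refine_windows_version(os_string):
    """Name the client version from the build number in the OS string."""
    m = re.search(r"\b(\d{5})\b", os_string)
    if not m or "Windows 10" not in os_string:
        return os_string  # only the Windows 10/11 mislabel is corrected
    build = int(m.group(1))
    # Builds 22000 and above are Windows 11; SMB still reports them as 10.
    return f"Windows {'11' if build >= 22000 else '10'} (build {build})"
```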
Having discussed SMB enumeration via Kali, let’s learn how to enumerate it from a Windows client.
One useful tool for enumerating SMB shares within Windows environments is net view. It lists domains, resources, and computers belonging to a given host. As an example, connected to the client01 VM, we can list all the shares running on dc01.
C:\Users\student>