Penetration Testing mailing list archives
Re: Samba hacking ?
From: Frederic Charpentier <fcharpen () xmcopartners com>
Date: Fri, 01 Apr 2005 13:12:10 +0200
Hi Bones,Concerning samba enumeration, you can use samba-tng to get more than share names.
(with $rpc = samba-tng's smbclient, maybe it works with normal samba now) $rpc -S $ipaddress -c 'wksinfo' -N $rpc -S $ipaddress -c 'enumdomains' -N $rpc -S $ipaddress -c 'lsaquery' -N $rpc -S $ipaddress -c 'lsaenumsid' -N $rpc -S $ipaddress -c 'enumgroups' -N $rpc -S $ipaddress -c 'enumusers' -N $rpc -S $ipaddress -c 'srvshares' -N then, for each user found : $rpc -S $ipaddress -c 'samuser $user -u' -N GFI languard enumerates lot of information as well, on a windows platform.Brute forcing user/pwd is a good idea (with hydra) and bruteforcing share name is also possible with handmade script.
Fred. Bones wrote: > All- > > Got tools galore for banging away on Windows-based SMB shares, but am > currently working on a PT where the client has a number of unprotected > (TCP 139, et al.) shares identified by nmap and Nessus as "Samba". > Haven't really spent that much time with Samba before. > > I can cover the basics, such as null connections, and the old enum.exe > tool from Razor seems to enumerate users and shares to a degree. Most > other Win32 tools just crap out. > > Just wondering if there are any Samba-specific tools out there that I > can get my hands on. > > Recommendations? > -- _______________________________________ Frederic Charpentier - Xmco Partners Security Consulting / Pentest web : http://www.xmcopartners.com Bones wrote:
All- Got tools galore for banging away on Windows-based SMB shares, but am currently working on a PT where the client has a number of unprotected (TCP 139, et al.) shares identified by nmap and Nessus as "Samba". Haven't really spent that much time with Samba before. I can cover the basics, such as null connections, and the old enum.exe tool from Razor seems to enumerate users and shares to a degree. Most other Win32 tools just crap out. Just wondering if there are any Samba-specific tools out there that I can get my hands on. Recommendations?
-- _______________________________________ Frederic Charpentier - Xmco Partners Security Consulting / Pentest web : http://www.xmcopartners.com
Current thread:
- Re: Samba hacking ? Frederic Charpentier (Apr 04)
- Re: Samba hacking ? Jon Hart (Apr 04)
- Re: Samba hacking ? David Cravshaw (Apr 06)
- Re: Samba hacking ? T (Apr 05)
- Re: Samba hacking ? Jon Hart (Apr 04)