-
Note: port 139 (NetBIOS) is a session-layer protocol and service, and is different from port 445 (SMB).

Enumeration

Mandatory

If you have no credentials yet:

If you already have user credentials:

On Windows

Optional
-
Show shares with smbclient:

smbclient --no-pass -L //$target
smbclient -U guest //$target/
smbclient -U Administrator --pw-nt-hash $NTLMHASH \\\\$target\\directory

Show shares with other clients:

smbmap -R -H $target    # No user
smbmap -u L4mpje -p 'bureaulampje' -d WORKGROUP -H $target -R    # User
nmap -sV --script=smb-enum-shares -p445 $target
crackmapexec smb $target -u '' -p '' --shares

Vulnerability scan

nmap --script=smb-vul* -p445 $target…
-
Basics

Authentication sequence for a user to log in on a domain (controller):

Authentication sequence for an authenticated user on a local system:

Terminology

Kerberoasting means offline cracking of the password in the NTLM hash. Useless if the service runs as a service user. Then, the password will be replaced by a 128 character long…