https://pentestlab.blog/2017/12/13/smb-share-scf-file-attacks/

https://www.blackhat.com/docs/us-15/materials/us-15-Brossard-SMBv2-Sharing-More-Than-Just-Your-Files.pdf

https://cqureacademy.com/blog/penetration-testing/smb-relay-attack

https://www.secureworks.com/blog/attacking-windows-smb-zero-day-vulnerability

https://pen-testing.sans.org/blog/2013/04/25/smb-relay-demystified-and-ntlmv2-pwnage-with-python

CrackMapExec : https://github.com/byt3bl33d3r/CrackMapExec

You can also use CME from the command line to spray credentials across a network:

Winexe : https://sourceforge.net/projects/winexe/

Smbclient : Besides executing commands, you can RDP (as seen above), or mount SMB shares and download/upload files arbitrarily:

net use : login via SMB

net session : check open connections

net use /delete * : terminate open sessions

Using 'runas' to get Kerberos auth

/netonly : authenticate as a domain user, even though we're not on a domain-joined machine

net use : open connections with specified credentials

klist : list Kerberos tickets
