
METASPLOIT – How to find Windows 7 File Shares (SMB or Server Message Block Scanning)

29/05/2013

Step 1 – Open msfconsole

Applications > BackTrack > Exploitation Tools > Network Exploitation Tools

Metasploit Framework > msfconsole

There are four ways to use Metasploit, but its full feature set is available through msfconsole.

Step 2 – US (use the module, show its options)

use scanner/smb/smb_version

show options

Step 3 – USSR (use, set, set, run)

Actual commands used

use scanner/smb/smb_version

set RHOSTS 192.168.1.65

(RHOSTS is the IP address of your target)

set THREADS 5

run

***********

RESULTS of SMB or Windows File Share Scan

Screenshot of the BackTrack msfconsole output and its plaintext transcript (images not reproduced here).

That’s it!! Dead simple.

So what did we find?

The scan identified an SMB file share on IP 192.168.1.68.

It also reported that the machine is running Windows 7 Home Premium.

It’s that easy.

*******

Use netstat -ano to see which process holds port 445

  • Go to the command prompt (Start > Run > cmd) of the target laptop
  • Enter netstat -ano
  • You will get a report of Active Connections
  • The report includes: Protocol, Local Address, Foreign Address, State, PID
  • Write down the PID (process identifier) associated with port 445 (also note the Local Address, Foreign Address, Protocol and State), e.g.
    • Proto Local Address Foreign Address State PID
    • UDP 127.0.0.1:445 *:* 445
  • Next, start the Windows Task Manager
  • Select the Processes tab in Task Manager
  • Search for the PID you wrote down previously
  • The netstat parameter -s displays per-protocol statistics. By default, statistics are shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP and UDPv6
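The steps above are done by eye on one machine. Below is an added Python example (not from the original post, and not part of Metasploit) that performs the same check on saved `netstat -ano` output: it parses the listing, reports which PIDs hold port 445, and says whether any of those listeners is bound to a network-facing address rather than loopback only, which is the distinction that decides whether a remote SMB version scan like the one above will see the host at all. Both listings in the script are constructed samples, not captures from a real host; PID 4 is where the Windows kernel SMB server normally appears, and the peer address is made up.

```python
"""Parse `netstat -ano` output and report what is bound to the SMB port (445).

Added example: the listings below are constructed, not captured from a real host.
"""
from dataclasses import dataclass
from typing import Dict, List

# Constructed `netstat -ano` listing for a host exposing SMB on all interfaces.
# PID 4 is the Windows System process, which is where the kernel SMB server shows up.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       712
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.68:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.68:445       192.168.1.65:41822     ESTABLISHED     4
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    1020
  UDP    127.0.0.1:1900         *:*                                    1640
"""

# Constructed listing where 445 is bound to loopback only (not reachable from the network).
SAMPLE_LOOPBACK_ONLY = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:445          0.0.0.0:0              LISTENING       4
"""


@dataclass
class Conn:
    proto: str
    local_host: str
    local_port: int
    foreign: str
    state: str       # empty for UDP, which netstat prints without a State column
    pid: int


def split_host_port(addr: str):
    """Split '192.168.1.68:445' or '[::]:445' into (host, port); rpartition keeps IPv6 brackets intact."""
    host, _, port = addr.rpartition(":")
    return host, int(port)


def parse_netstat(text: str) -> List[Conn]:
    """Return one Conn per TCP/UDP row, skipping the banner and header lines."""
    rows: List[Conn] = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # banner, blank and header lines
        proto, local, foreign = parts[0], parts[1], parts[2]
        if proto == "TCP" and len(parts) == 5:
            state, pid = parts[3], parts[4]
        elif proto == "UDP" and len(parts) == 4:
            state, pid = "", parts[3]
        else:
            continue  # unexpected column count; skip rather than misattribute a PID
        host, port = split_host_port(local)
        rows.append(Conn(proto, host, port, foreign, state, int(pid)))
    return rows


def is_loopback(host: str) -> bool:
    """A listener bound only to 127.x.x.x or [::1] is invisible to a remote scanner."""
    return host.startswith("127.") or host == "[::1]"


def smb_exposure(rows: List[Conn], port: int = 445) -> Dict:
    """Summarise who holds `port`: listening PIDs, whether any listener faces the network, and live peers."""
    listeners = [r for r in rows if r.local_port == port and (r.state == "LISTENING" or r.proto == "UDP")]
    established = [r for r in rows if r.local_port == port and r.state == "ESTABLISHED"]
    return {
        "listeners": [(r.proto, r.local_host, r.pid) for r in listeners],
        "listening_pids": sorted({r.pid for r in listeners}),
        "remotely_reachable": any(not is_loopback(r.local_host) for r in listeners),
        "established_peers": [r.foreign for r in established],
    }


if __name__ == "__main__":
    for label, text in (("all interfaces", SAMPLE_NETSTAT), ("loopback only", SAMPLE_LOOPBACK_ONLY)):
        print(label, smb_exposure(parse_netstat(text)))
```

Pasting real `netstat -ano` output into SAMPLE_NETSTAT gives the same report for your own host. A 0.0.0.0 or [::] bind means every interface is listening, which is exactly the case the smb_version scan above picks up; an ESTABLISHED row on 445 tells you which remote address is currently talking to the share.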

******

*** Full credit to the work of:

Kennedy, D. et al. (2011). Metasploit: The Penetration Tester's Guide. San Francisco: No Starch Press.
