Latest Security News

Metasploit module for checking passwords in a domain (SMB)


To check passwords in a domain (logging on to workstations over SMB), I use the following Metasploit module:

Usage:

$ msfconsole



msf > use auxiliary/scanner/smb/smb_login
msf auxiliary(smb_login) > set RHOSTS [TARGET HOST RANGE]
msf auxiliary(smb_login) > run

Module Options

Option                           Description
BLANK_PASSWORDS                  Try blank passwords for all users (default: true)
BRUTEFORCE_SPEED                 How fast to bruteforce, from 0 to 5 (default: 5)
PASS_FILE                        File containing passwords, one per line
PRESERVE_DOMAINS                 Respect a username that contains a domain name. (default: true)
RHOSTS                           The target address range or CIDR identifier
RPORT                            Set the SMB service port (default: 445)
SMBDomain                        SMB Domain (default: WORKGROUP)
SMBPass                          SMB Password
SMBUser                          SMB Username
STOP_ON_SUCCESS                  Stop guessing when a credential works for a host
THREADS                          The number of concurrent threads (default: 1)
USERPASS_FILE                    File containing users and passwords separated by space, one pair per line
USER_AS_PASS                     Try the username as the password for all users (default: true)
USER_FILE                        File containing usernames, one per line
VERBOSE                          Whether to print output for all attempts (default: true)
CHOST                            The local client address
CPORT                            The local client port
ConnectTimeout                   Maximum number of seconds to establish a TCP connection
DCERPC::ReadTimeout              The number of seconds to wait for DCERPC responses
MaxGuessesPerService             Maximum number of credentials to try per service instance. If set to zero or a non-number, this option will not be used.
MaxGuessesPerUser                Maximum guesses for a particular username for the service instance. Note that users are considered unique among different services, so a user at 10.1.1.1:22 is different from one at 10.2.2.2:22, and both will be tried up to the MaxGuessesPerUser limit. If set to zero or a non-number, this option will not be used.
MaxMinutesPerService             Maximum time in minutes to bruteforce the service instance. If set to zero or a non-number, this option will not be used.
NTLM::SendLM                     Always send the LANMAN response (except when NTLMv2_session is specified)
NTLM::SendNTLM                   Activate the 'Negotiate NTLM key' flag, indicating the use of NTLM responses
NTLM::SendSPN                    Send an avp of type SPN in the ntlmv2 client Blob, this allows authentication on windows Seven/2008r2 when SPN is required
NTLM::UseLMKey                   Activate the 'Negotiate Lan Manager Key' flag, using the LM key when the LM response is sent
NTLM::UseNTLM2_session           Activate the 'Negotiate NTLM2 key' flag, forcing the use of a NTLMv2_session
NTLM::UseNTLMv2                  Use NTLMv2 instead of NTLM2_session when 'Negotiate NTLM2' key is true
Proxies                          Use a proxy chain
REMOVE_PASS_FILE                 Automatically delete the PASS_FILE on module completion
REMOVE_USERPASS_FILE             Automatically delete the USERPASS_FILE on module completion
REMOVE_USER_FILE                 Automatically delete the USER_FILE on module completion
SMB::ChunkSize                   The chunk size for SMB segments, bigger values will increase speed but break NT 4.0 and SMB signing
SMB::Native_LM                   The Native LM to send during authentication
SMB::Native_OS                   The Native OS to send during authentication
SMB::VerifySignature             Enforces client-side verification of server response signatures
SMBDirect                        The target port is a raw SMB service (not NetBIOS)
SMBName                          The NetBIOS hostname (required for port 139 connections)
SSL                              Negotiate SSL for outgoing connections
SSLVersion                       Specify the version of SSL that should be used (accepted: SSL2, SSL3, TLS1)
ShowProgress                     Display progress messages during a scan
ShowProgressPercent              The interval in percent that progress should be shown
WORKSPACE                        Specify the workspace for this module
DCERPC::fake_bind_multi          Use multi-context bind calls
DCERPC::fake_bind_multi_append   Set the number of UUIDs to append the target
DCERPC::fake_bind_multi_prepend  Set the number of UUIDs to prepend before the target
DCERPC::max_frag_size            Set the DCERPC packet fragmentation size
DCERPC::smb_pipeio               Use a different delivery method for accessing named pipes (accepted: rw, trans)
SMB::obscure_trans_pipe_level    Obscure PIPE string in TransNamedPipe (level 0-3)
SMB::pad_data_level              Place extra padding between headers and data (level 0-3)
SMB::pad_file_level              Obscure path names used in open/create (level 0-3)
SMB::pipe_evasion                Enable segmented read/writes for SMB Pipes
SMB::pipe_read_max_size          Maximum buffer size for pipe reads
SMB::pipe_read_min_size          Minimum buffer size for pipe reads
SMB::pipe_write_max_size         Maximum buffer size for pipe writes
SMB::pipe_write_min_size         Minimum buffer size for pipe writes
TCP::max_send_size               Maximum tcp segment size. (0 = disable)
TCP::send_delay                  Delays inserted before every send. (0 = disable)
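
On the systems being tested, a run of this module appears as a burst of failed network logons coming from one client. The following is an added example, not part of the original post or of Metasploit: it counts Windows Security event 4625 with logon type 3 per source address in a sliding window. The CSV layout, the sample rows, the function name and the thresholds are assumptions made for the illustration.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (assumed layout): time, event ID, logon type,
# target user, source address. 4625 = failed logon, type 3 = network.
SAMPLE = """\
2024-05-01T10:00:01,4625,3,alice,10.0.0.50
2024-05-01T10:00:02,4625,3,bob,10.0.0.50
2024-05-01T10:00:03,4625,3,carol,10.0.0.50
2024-05-01T10:00:04,4625,3,dave,10.0.0.50
2024-05-01T10:00:05,4625,3,erin,10.0.0.50
2024-05-01T10:00:06,4624,3,erin,10.0.0.50
2024-05-01T10:00:07,4625,3,alice,10.0.0.50
2024-05-01T09:40:00,4625,3,bob,10.0.0.7
2024-05-01T10:05:00,4625,3,bob,10.0.0.7
2024-05-01T10:06:00,4625,2,bob,10.0.0.7
"""


def find_guessing_sources(text, window=timedelta(minutes=5), min_failures=5):
    """Return {source: {"failures": n, "users": [...]}} for every source whose
    failed network logons reach min_failures inside one sliding window."""
    recent = defaultdict(deque)  # source -> (time, user) pairs still in window
    flagged = {}
    # ISO 8601 timestamps in the first column sort chronologically as text.
    rows = sorted(csv.reader(text.strip().splitlines()))
    for ts, event_id, logon_type, user, src in rows:
        if event_id != "4625" or logon_type != "3":
            continue  # keep only failed network logons
        now = datetime.fromisoformat(ts)
        q = recent[src]
        q.append((now, user))
        while now - q[0][0] > window:
            q.popleft()  # drop failures that fell out of the window
        # Count per source, not per account: guesses spread across many
        # users can stay below each account's own lockout threshold.
        if len(q) >= min_failures:
            best = flagged.get(src)
            if best is None or len(q) > best["failures"]:
                flagged[src] = {"failures": len(q),
                                "users": sorted({u for _, u in q})}
    return flagged


if __name__ == "__main__":
    for src, hit in find_guessing_sources(SAMPLE).items():
        print(src, hit["failures"], "failures against", ", ".join(hit["users"]))
```
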