[Smbexec v2.0] A rapid tool based on psexec style attack with samba tools
Smbexec is a rapid psexec-style attack tool built on the Samba tools.
Key features
- Enumerate systems with domain admin logged in
- Grab hashes
- Extract cached creds (based on cachedump)
- Remote login validation
- Dump cleartext credentials
- Pop shells
Includes
- smbexec.sh
- installer.sh
- patches to compile binaries
- source for samba-3.6.9 and winexe-1.00
Credit where credit is due:
- wce.exe – Hernan Ochoa – An incredible tool that mimikatz CANNOT touch! – http://www.ampliasecurity.com
- smbclient & winexe Hash Passing patch – JoMo-kun -> http://www.foofus.net/~jmk/passhash.html – Patch updated for Samba 3.6.12 by exfil (Emilio Escobar)
- vanish.sh – Original concept: Astr0baby; stable version edits: Vanish3r -> http://www.securitylabs.in/2011/12/easy-bypass-av-and-firewall.html
- www.samba.org
- winexe – ahajda -> http://sourceforge.net/users/ahajda
- Metasploit – www.metasploit.com (Thank you HD and team!)
- Nmap – nmap.org (Thank you Fyodor!)
- Creddump – Brendan Dolan-Gavitt – http://code.google.com/p/creddump/
- NTDSXtract – Csaba Barta – http://www.ntdsxtract.com/
- libesedb – Joachim Metz – http://libesedb.googlecode.com/