************************************************************
smbexec
A rapid psexec style attack with samba tools
Original Concept and Script by PureHate & Brav0Hax
Codename - Diamond in the Rough
Gonna pha-q up - PurpleTeam Smash!
************************************************************
Written because we got sick of Metasploit PSExec getting popped
Special thanks to Carnal0wnage who's blog inspired us to go this route.
http://carnal0wnage.attackresearch.com/2012/01/psexec-fail-upload-and-exec-instead.html
v1.2.0 - 11/30/2012
FIXED - Script now checks to ensure exe's are compile before running. Alerts user to use installer to compile.
UPDATE - Added drive and path variables to ntds hash grab function. (No longer hardcoded to C:\Windows\NTDS or C:\Windows\Temp)
UPDATE - Checks for available diskspace before copying ntds.dit and sys files to the path provided
UPDATE - Deletes the volume shadow copy created by the ntds hash grab function
v1.1.1 - 11/11/2012
FIXED - Sometimes the IP validation fails even though it is a proper IP address
UPDATE - Installer updated with Samba-3.6.9 source
UPDATE - libesedb project moved to Google Code, installer updated with proper path
Includes
- smbexec.sh
- installer.sh
- patches to compile binaries
- source for samba-3.6.9 and winexe-1.00
Just run the installer and you should be good to go! If not email [email protected]
- Run option #1 to compile binaries before you do anything!
*** If there are no binaries...the program will not work***
Sounds simple enough
Credit where credit is due:
* smbclient & winexe Hash Passing patch - JoMo-kun -> http://www.foofus.net/~jmk/passhash.html
- Patch updated for Samba 3.6.6 by exfil (Emilio Escobar)
* vanish.sh - Original concept Astr0baby stable version edits Vanish3r -> http://www.securitylabs.in/2011/12/easy-bypass-av-and-firewall.html
* www.samba.org
* winexe - ahajda -> http://sourceforge.net/users/ahajda
* Metasploit - www.metasploit.com (Thank you HD and team!)
* Nmap - nmap.org (Thank you Fydor!)
* Creddump - Brendan Dolan-Gavitt - http://code.google.com/p/creddump/
* NTDSXtract - Csaba Barta - http://www.ntdsxtract.com/
* libesedb - Joachim Metz - http://libesedb.googlecode.com/
Download smbexec