SMB

smbclient --no-pass -L //10.10.10.100 Anonymous login successful

Sharename       Type      Comment
---------       ----      -------
ADMIN$          Disk      Remote Admin
C$              Disk      Default share
IPC$            IPC       Remote IPC
NETLOGON        Disk      Logon server share 
Replication     Disk      
SYSVOL          Disk      Logon server share 
Users           Disk      
╭─ ο…Ό  ξ‚± ο„•  /home/kali/Active ▓▒░────────────────────────────────────────────────────────────────░▒▓ βœ” ξ‚³ root@kali ξ‚°
╰─ smbmap -H 10.10.10.100                            
[+] IP: 10.10.10.100:445	Name: active.htb                                        
        Disk                                                  	Permissions	Comment
	----                                                  	-----------	-------
	ADMIN$                                            	NO ACCESS	Remote Admin
	C$                                                	NO ACCESS	Default share
	IPC$                                              	NO ACCESS	Remote IPC
	NETLOGON                                          	NO ACCESS	Logon server share 
	Replication                                       	READ ONLY	
	SYSVOL                                            	NO ACCESS	Logon server share 
	Users                                             	NO ACCESS

Inside there was a Groups.xml file that contains the credentials for a user called SVC-TGS

This cpassword can be decrypted using GPP-Decrypt.

PreviousMSRPCNextLDAP

Last updated