🎫
Fuse
  • Fuse
    • Summary
  • Enumeration
    • TCP
    • UDP
    • Web Services
      • Nikto
      • Dirb Extensions
      • Dirsearch
      • goBuster
      • Robots
      • WhatWeb
    • Other Services
      • DNS
      • MSRPC
      • Kerberos
      • LDAP
      • SMB
    • Authenticated Enumeration
      • DNS
      • MSRPC
      • Kerberos
      • LDAP
      • SMB
  • Exploitation
  • Priv Escalation
  • Notes
Powered by GitBook
On this page
  1. Enumeration

Authenticated Enumeration

PreviousSMBNextDNS

Last updated 2 years ago

After spraying the passwords I was able to get the credentials various users.

These however when I was spraying them on CME, I was told to change the password. Using this script right here to change the passwords automatically if the password is correct I was able to enumerate the services further.

if echo "$pass" | smbclient -L //10.10.10.193 -U bhult 2>/dev/null >/dev/null; then echo "Password $pass still good"; else pass=$(date +%s | md5sum | base64 | head -c7; echo .); (echo 'Fabricorp01'; echo "$pass"; echo "$pass";) | smbpasswd -r 10.10.10.193 -s bhult; echo "password reset to $pass"; fi;

After the fi; we can query any command we want.