To see which options we have with this exploit and payload combination, enter:

As you can see, there are numerous options, but the only ones we need to set are LHOST (our IP) and RHOST (the target IP).

Module options (auxiliary/scanner/smb/smb_ms17_010):

   Name                     Current Setting  Required  Description
   ----                     ---------------  --------  -----------
   CHECK_ARCH               true             no        Check for architecture on vulnerable hosts
   CHECK_PIPE               false            no        Check for named pipe on vulnerable hosts
   [option name missing]    [missing]        no        The Windows domain to use for authentication

The "--script smb-vuln*" argument selects the Nmap scripts that are built in for checking whether the host is vulnerable to known SMB flaws.

These options allow us to choose the format of the file that stores the hashes for cracking with Cain and Abel or John the Ripper.

If the target server supports SMB version 1, the module will also attempt to identify information about the host operating system.

Now, to crack them, we can use John the Ripper (it's built into Kali) by typing:

When we do so, John the Ripper loads the password hash, recognizes the type of hash, and begins cracking it.

When it does so, it must present its credentials to each system, and this will usually use the admin password.

Now that we have EternalBlue in our Metasploit Framework, we can use it to exploit a Windows 7 or Windows Server 2008 system.

If you have a database plugin loaded, successful logins will be stored in it for future reference and usage.

At the end of the Task Chain, it makes sense to generate a report to learn how many services can be easily broken into just by using a compromised password, so you can take appropriate action.

SMB 2.0 / SMB2: This version is used in Windows Vista and Windows Server 2008.

Note: This is the first post in a three-part series on all of the cool stuff you can do with Metasploit Pro.
In hacking, ports and protocols play a major role, as hacking is not possible without them.

In Metasploit, there are very simple commands to find out whether the remote host or remote PC supports SMB.

But if you need further validation, you can also try to get a session if a password is found.

Malicious hackers admit that port 445 is vulnerable and has many insecurities.

To learn more about using Metasploit, sign up for our Metasploit Kung-Fu class, coming soon.

The script is actually comprised of multiple commands.

We already know that the target is vulnerable to MS17-010 (code name EternalBlue), and we can use a program called Metasploit to exploit the targets.

This mixin provides a minimal SMB server sharing a UNC resource.

Testing SMB Server Security with Metasploit Pro Task Chains: Part 1

When you are done configuring the Bruteforce task, click on the plus sign again and create another new task that reports the findings.

SMB modules in Metasploit

SMB Shares

Microsoft Windows uses the Server Message Block (SMB) Protocol, one version of which was also known as Common Internet File System (CIFS). It operates as an application-layer network protocol mainly used for providing shared access to files, printers, and serial ports, and for miscellaneous communications between nodes on a network.

So to extend our network coverage, we need to find a way to change our IP to also cover the class B IP subnet (i.e.