MSF SMB based information collection

Today, let's continue to introduce the relevant knowledge of penetration testing , The main content of this paper is MSF be based on SMB Information collection .

disclaimer ：
The content introduced in this article is only for learning and communication , It is strictly prohibited to use the technology in the text for illegal acts , Otherwise, you will bear all serious consequences ！
Again ： It is forbidden to perform penetration tests on unauthorized equipment ！

One 、SMB summary

SMB by Server Message Block Abbreviation , Server message block , Also known as network file operating system .SMB It is an application layer network transmission protocol , Developed by Microsoft , The main function is to enable machines on the network to share computer files 、 Printer serial port and other resources .
today , We are based on SMB The protocol collects information about the target host , Use Kali Linux Host to one Windows 7 The host collects information .

Two 、 be based on SMB Protocol scan version number

First , Let's try based on SMB The version number of the protocol scan target host .
Get into MSF Interactive page , Carry out orders ：

 use auxiliary/scanner/smb/smb_version

After using this module , We set the... Of this module RHOSTS Parameters , The module can be executed , The execution results of the above process are as follows ：

As can be seen from the above figure , This scanning method , Scan except SMB Version of protocol , And the version of the system .

3、 ... and 、 Scan shared files

Next , We try to scan the shared file information on the target host . We carry out orders ：

use auxiliary/scanner/smb/smb_enumshares

After using this module , We need to set the target host RHOSTS、SMBUser（ That is, the system user name ）、SMBPass（ System password ） Three parameters , As shown below ：

after , We can then execute the module , The execution result of this module is as follows ：

As can be seen from the above figure , Use this module , We scan multiple shared folders in addition to the target system .

Four 、 be based on SMB Enumerate user information

Last , We try to use SMB To scan the user profile of the target system . We carry out orders ：

use auxiliary/scanner/smb/smb_lookupsid

After using this module , Still need to set up RHOSTS、SMBUser、SMBPass Three parameters , The setup process is exactly the same as before , As shown below ：

After the above three parameters are set , We run the module , The results are shown below ：

As can be seen from the above figure , Using this module , We scan multiple user information in addition to the system , Include user name 、ID wait .
Originality is not easy. , Reprint please explain the source ：https://blog.csdn.net/weixin_40228200