Playing with SMB session

2 02 2010

SMB is Server Message Block and is used as a communication protocol. File sharing in Window is controled with SMB.

To jump into other window machines, SMB is our good slave. By mapping its shared directory with window command line, the target machine will be in our hand.

1. Set up SMB session
C:\>net use \\ /u:Administrator
The password or user name is invalid for \\
Enter the password for 'Administrator' to connect to '':
The command completed successfully.

2. Mount a share directory
C:\>net use * \\\C$
Drive Z: is now connected to \\\C$.
The command completed successfully.

3. Traverse or exploit it
Volume in drive Z has no label.
Volume Serial Number is 60DE-93E8
Directory of Z:\
16/03/2009 04:21 0 AUTOEXEC.BAT
16/03/2009 04:21 0 CONFIG.SYS
16/03/2009 04:27 Documents and Settings
14/01/2010 10:39 Program Files
14/01/2010 11:18 WINDOWS
16/03/2009 04:21 wmpub
2 File(s) 0 bytes
4 Dir(s) 2,367,676,416 bytes free

4. Finally, unmount the target machine
Z:\>net use * /del

However, when we control a window machine, we can see its ARP communication and name resolving.
> arp -a
> ipconfig /displaydns

Well, the process looks easy, but to grab SMB session you need to know username and password of the target.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: