Async'ly gather unique usernames thru null SMB sessions and bruteforce them with 2 passwords

attackgithub/SMB-reverse-brute
SMB-reverse-brute

Performs a two-password reverse bruteforce against any hosts that accept NULL SMB sessions and allow RID cycling for username enumeration. Takes a hostlist file or an Nmap XML output file as input.

  • Takes input in the form of an Nmap XML file or a hostlist file
  • Finds any open 445 ports
  • Attempts a NULL SMB session (connecting over SMB without a password)
  • On success, performs RID cycling to gather domain usernames
  • Prevents account lockout by building a list of unique usernames and bruteforcing each one with only two passwords:
    • P@ssw0rd
    • <Current_season><current_year>, such as Summer2017

Installation

git clone https://github.com/DanMcInerney/SMB-reverse-brute
cd SMB-reverse-brute
./install.sh
pipenv shell

Usage

Read from Nmap XML file

python SMB-reverse-brute.py -x nmapfile.xml

Read from a hostlist of newline-separated IPs or CIDR ranges, and use your own password list instead of the two defaults.

python SMB-reverse-brute.py -l hostlist.txt -p passwords.txt
