fortra / impacket

Impacket is a collection of Python classes for working with network protocols.
https://www.coresecurity.com

Smbserver shares not visible #909

Closed fusionskitty closed 3 years ago

fusionskitty commented 4 years ago

Configuration

impacket version: v0.9.21
Python version: 2.7/dist-packages
Target OS: Serving from Kali kernel 5.7.0 to Win

Debug Output With Command String

i.e.
    kali@kali:~/Downloads/impacket-master/build/scripts-2.7$ sudo python smbserver.py -ip 10.10.0.70 -smb2support -debug Share ~/Documents/CyberSecLabs/DC/Brute/
    Impacket v0.9.21 - Copyright 2020 SecureAuth Corporation

    [+] Impacket Library Installation Path: /usr/local/lib/python2.7/dist-packages/impacket
    [*] Config file parsed
    [*] Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
    [*] Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
    [*] Config file parsed
    [*] Config file parsed
    [*] Config file parsed
    [*] Incoming connection (10.10.0.70,49808)
    [*] AUTHENTICATE_MESSAGE (\,KALI)
    [*] User KALI\ authenticated successfully
    [*] :::::4141414141414141
    [*] Connecting Share(1:ipc$)
    [*] Disconnecting Share(1:ipc$)
    [*] Closing down connection (10.10.0.70,49808)
    [*] Remaining connections []
    [*] Incoming connection (10.10.0.70,49810)
    [*] AUTHENTICATE_MESSAGE (\,)
    [*] User \ authenticated successfully
    [*] :::::4141414141414141
    [*] Connecting Share(1:IPC$)
    [*] Disconnecting Share(1:IPC$)
    [*] Closing down connection (10.10.0.70,49810)
    [*] Remaining connections []
    [*] Incoming connection (10.10.0.70,49812)
    [*] AUTHENTICATE_MESSAGE (\,KALI)
    [*] User KALI\ authenticated successfully
    [*] :::::4141414141414141
    [*] Connecting Share(1:ipc$)
    [*] Disconnecting Share(1:ipc$)
    [*] Closing down connection (10.10.0.70,49812)
    [*] Remaining connections []
    ] :::00::4141414141414141
    [*] Closing down connection (172.31.3.3,50554)
    [*] Remaining connections []
    [*] Incoming connection (172.31.3.3,50556)
    [*] AUTHENTICATE_MESSAGE (\,BRUTE-DC)
    [*] User BRUTE-DC\ authenticated successfully
    [*] :::00::4141414141414141
    [*] Closing down connection (172.31.3.3,50556)
    [*] Remaining connections []
    [*] Incoming connection (172.31.3.3,50557)
    [*] AUTHENTICATE_MESSAGE (\,BRUTE-DC)
    [*] User BRUTE-DC\ authenticated successfully
    [*] :::00::4141414141414141
    [*] Closing down connection (172.31.3.3,50557)
    [*] Remaining connections []

From windows

    C:> net view \10.10.0.70
    net view \10.10.0.70
    The Server service is not started.

More help is available by typing NET HELPMSG 2114.

From Kali

smbclient -L 10.10.0.70 --no-pass

    Sharename       Type      Comment
    ---------       ----      -------
    SHARE           Disk      
    IPC$            Disk      

    Reconnecting with SMB1 for workgroup listing.
    do_connect: Connection to 10.10.0.70 failed (Error NT_STATUS_CONNECTION_REFUSED)
    Unable to connect with SMB1 -- no workgroup available

Samba log file

    kali@kali:~/Downloads/impacket-master/build/scripts-2.7$ sudo cat /var/log/samba/log.smbd
    [2020/07/29 00:51:36.163550, 0] ../../source3/smbd/server.c:1782(main)
      smbd version 4.12.5-Debian started.
      Copyright Andrew Tridgell and the Samba Team 1992-2020
    [2020/07/29 00:51:36.166505, 0] ../../lib/param/loadparm.c:1890(lpcfg_do_service_parameter)
      Global parameter min protocol found in service section!
    [2020/07/29 00:51:36.194421, 0] ../../lib/util/become_daemon.c:135(daemon_ready)
      daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
    [2020/07/29 00:52:10.564023, 0] ../../source3/smbd/server.c:1782(main)
      smbd version 4.12.5-Debian started.
      Copyright Andrew Tridgell and the Samba Team 1992-2020
    [2020/07/29 00:52:10.564705, 0] ../../lib/param/loadparm.c:1890(lpcfg_do_service_parameter)
      Global parameter min protocol found in service section!
    [2020/07/29 00:52:10.573079, 0] ../../lib/util/become_daemon.c:135(daemon_ready)
      daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
    [2020/07/29 00:53:53.070582, 0] ../../source3/smbd/server.c:1782(main)
      smbd version 4.12.5-Debian started.
      Copyright Andrew Tridgell and the Samba Team 1992-2020
    [2020/07/29 00:53:53.071213, 0] ../../lib/param/loadparm.c:1890(lpcfg_do_service_parameter)
      Global parameter min protocol found in service section!
    [2020/07/29 00:53:53.078986, 0] ../../lib/util/become_daemon.c:135(daemon_ready)
      daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
    [2020/07/29 00:54:36.211502, 0] ../../source3/smbd/server.c:1782(main)
      smbd version 4.12.5-Debian started.
      Copyright Andrew Tridgell and the Samba Team 1992-2020
    [2020/07/29 00:54:36.212138, 0] ../../lib/param/loadparm.c:1890(lpcfg_do_service_parameter)
      Global parameter min protocol found in service section!
    [2020/07/29 00:54:36.220363, 0] ../../lib/util/become_daemon.c:135(daemon_ready)
      daemon_ready: daemon 'smbd' finished starting up and ready to serve connections
    [2020/07/29 01:18:31.270688, 0] ../../source3/smbd/server.c:1782(main)
      smbd version 4.12.5-Debian started.
      Copyright Andrew Tridgell and the Samba Team 1992-2020
    [2020/07/29 01:18:31.271367, 0] ../../lib/param/loadparm.c:1890(lpcfg_do_service_parameter)
      Global parameter min protocol found in service section!
    [2020/07/29 01:18:31.279670, 0] ../../lib/util/become_daemon.c:135(daemon_ready)
      daemon_ready: daemon 'smbd' finished starting up and ready to serve connections

Additional context

Not sure why I'm not able to see SMB shares when trying from both Windows using net view and from Linux using smbclient. Have tried several "client min protocol" values in the smb.conf file but nothing seemed to work. Weird thing is enum4linux can see my share like I want Windows to. Everything else seems to just get null errors.

    kali@kali:~/Downloads/CTF-bash-tools-master/scripts$ enum4linux 10.10.0.70
    Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Wed Jul 29 02:08:30 2020

    ==========================
    | Target Information |
    ==========================
    Target ........... 10.10.0.70
    RID Range ........ 500-550,1000-1050
    Username ......... ''
    Password ......... ''
    Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none

    ==================================================
    | Enumerating Workgroup/Domain on 10.10.0.70 |
    ==================================================
    [E] Can't find workgroup/domain

    ==========================================
    | Nbtstat Information for 10.10.0.70 |
    ==========================================
    Looking up status of 10.10.0.70
    No reply from 10.10.0.70

    ===================================
    | Session Check on 10.10.0.70 |
    ===================================
    Use of uninitialized value $global_workgroup in concatenation (.) or string at ./enum4linux.pl line 437.
    [+] Server 10.10.0.70 allows sessions using username '', password ''
    Use of uninitialized value $global_workgroup in concatenation (.) or string at ./enum4linux.pl line 451.
    [+] Got domain/workgroup name:

    =========================================
    | Getting domain SID for 10.10.0.70 |
    =========================================
    Use of uninitialized value $global_workgroup in concatenation (.) or string at ./enum4linux.pl line 359.
    Could not initialise lsarpc. Error was NT_STATUS_NO_SUCH_FILE
    [+] Can't determine if host is part of domain or part of a workgroup

    ====================================
    | OS information on 10.10.0.70 |
    ====================================
    Use of uninitialized value $global_workgroup in concatenation (.) or string at ./enum4linux.pl line 458.
    Use of uninitialized value $os_info in concatenation (.) or string at ./enum4linux.pl line 464.
    [+] Got OS info for 10.10.0.70 from smbclient:
    Use of uninitialized value $global_workgroup in concatenation (.) or string at ./enum4linux.pl line 467.
    [+] Got OS info for 10.10.0.70 from srvinfo:
    \10.10.0.70 Wk (null)
    platform_id : 500
    os version : 6.1
    server type : 0x1

    ===========================
    | Users on 10.10.0.70 |
    ===========================
    Use of uninitialized value $global_workgroup in concatenation (.) or string at ./enum4linux.pl line 866.
    Use of uninitialized value $users in print at ./enum4linux.pl line 874.
    Use of uninitialized value $users in pattern match (m//) at ./enum4linux.pl line 877.

    Use of uninitialized value $global_workgroup in concatenation (.) or string at ./enum4linux.pl line 881.
    Use of uninitialized value $users in print at ./enum4linux.pl line 888.
    Use of uninitialized value $users in pattern match (m//) at ./enum4linux.pl line 890.

    =======================================
    | Share Enumeration on 10.10.0.70 |
    =======================================
    Use of uninitialized value $global_workgroup in concatenation (.) or string at ./enum4linux.pl line 640.
    do_connect: Connection to 10.10.0.70 failed (Error NT_STATUS_CONNECTION_REFUSED)

    Sharename       Type      Comment
    ---------       ----      -------
    SHARE           Disk      
    IPC$            Disk      

    Reconnecting with SMB1 for workgroup listing.
    Unable to connect with SMB1 -- no workgroup available

    [+] Attempting to map shares on 10.10.0.70
    Use of uninitialized value $global_workgroup in concatenation (.) or string at ./enum4linux.pl line 654.
    //10.10.0.70/SHARE [E] Can't understand response:
    tgt.txt AN 523 Tue Jul 28 23:31:45 2020
    plugin.dll AN 5120 Wed Jul 29 00:13:30 2020
    usernames.txt AN 29 Tue Jul 28 03:17:16 2020
    tess.ccache AN 1199 Tue Jul 28 23:53:14 2020
    slim.txt AN 21 Tue Jul 28 11:18:37 2020
    peas.exe AN 241664 Sun Jun 21 00:25:51 2020

asolino commented 4 years ago

Hey @fusionskitty

Sorry for the delay. My comments on your output:

You ran:

kali@kali:~/Downloads/impacket-master/build/scripts-2.7$ sudo python smbserver.py -ip 10.10.0.70 -smb2support -debug Share ~/Documents/CyberSecLabs/DC/Brute/

So there should be a share called 'Share' pointing to ~/Documents/CyberSecLabs/DC/Brute/. Then you ran:

smbclient -L 10.10.0.70 --no-pass

    Sharename       Type      Comment
    ---------       ----      -------
    SHARE           Disk      
    IPC$            Disk      

Looks like the share is there.

With regards to Windows, you specified:

C:> net view \10.10.0.70
net view \10.10.0.70
The Server service is not started.

More help is available by typing NET HELPMSG 2114.

Try running:

net view \\10.10.0.70

Samba.logs shouldn't matter here unless I'm missing something.
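
A triage helper for the `-debug` output discussed in this thread, added here as an example (it is not part of the original comments and is not Impacket code): it groups the log into connections and reports which clients authenticated without ever tree-connecting to the named share. The sample log is constructed in the format shown on this page; the third client and its `Share(1:SHARE)` line are assumptions, as is the premise that connections are logged without interleaving.

```python
import re

# Constructed sample, in the format of the smbserver.py -debug output in this issue.
SAMPLE_LOG = """\
[*] Incoming connection (10.10.0.70,49808)
[*] User KALI\\ authenticated successfully
[*] Connecting Share(1:ipc$)
[*] Disconnecting Share(1:ipc$)
[*] Closing down connection (10.10.0.70,49808)
[*] Incoming connection (172.31.3.3,50556)
[*] User BRUTE-DC\\ authenticated successfully
[*] Closing down connection (172.31.3.3,50556)
[*] Incoming connection (10.10.0.71,40000)
[*] User LAB\\ authenticated successfully
[*] Connecting Share(1:SHARE)
[*] Closing down connection (10.10.0.71,40000)
"""

INCOMING = re.compile(r"Incoming connection \(([^,]+),(\d+)\)")
USER = re.compile(r"User (\S*\\\S*) authenticated successfully")
SHARE = re.compile(r"Connecting Share\(\d+:([^)]+)\)")

def summarize(log_text):
    """Group log lines into sessions (assumption: sessions are not interleaved)."""
    sessions, current = [], None
    for line in log_text.splitlines():
        if m := INCOMING.search(line):
            current = {"client": m.group(1), "user": None, "shares": []}
            sessions.append(current)
        elif current is None:
            continue  # line outside any connection (banner, config messages)
        elif m := USER.search(line):
            current["user"] = m.group(1)
        elif m := SHARE.search(line):
            current["shares"].append(m.group(1).upper())  # the log shows ipc$ and IPC$
        elif "Closing down connection" in line:
            current = None
    return sessions

def never_mounted(sessions, share):
    """Clients that authenticated but never tree-connected to `share`."""
    mounted = {s["client"] for s in sessions if share.upper() in s["shares"]}
    authed = {s["client"] for s in sessions if s["user"] is not None}
    return sorted(authed - mounted)

if __name__ == "__main__":
    for s in summarize(SAMPLE_LOG):
        print(s["client"], s["user"], s["shares"] or "no tree connect")
    print("never mounted Share:", never_mounted(summarize(SAMPLE_LOG), "Share"))
```

A client that only ever appears with `IPC$`, or with no tree connect at all, reached the server and authenticated but did not open the data share, which points the investigation at the client-side command rather than the server.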

asolino commented 3 years ago

No answer, closing.