impacket SMB


Forte

Hello,

New guy here trying to start my way through the Hak5 devices. I've been trying to use the different payloads on the wiki and wanting to start small...

I have upgraded the Bash Bunny to v1,5 and installed both the impacket and the gohttp tools, and have been trying to run this payload:

https://github.com/hak5/bashbunny-payloads/blob/master/payloads/library/credentials/DumpCreds/payload.txt

but with a different ps1 file (one that should create a local user just as a POC).

Right now I believe I am getting stuck when the payload tries to load the SMB server... On the computers where I am trying to run it, when I want to check if the share is available I get an error that Windows doesn't trust SMBv1. I found a flag "-smb2support" on the SMBserver.py.

Then when I try to connect to the SMB server the share is just empty (doesn't have any files inside), so the payload is not running the ps1 file...

I tried enabling SMBv1 on my PC and now I am able to see the share, but I am still getting an error when connecting to the e share (saying it's unavailable).

 

What would be a good way to bypass or debug those errors?


  • 3 weeks later...
  • 1 month later...

You should be installing all the packages through the bash bunny's serial console connection in PuTTY. Alternatively, just disable defender for the time being until impacket has been installed to the /tools folder on the bash bunny, then everything should execute without being exposed to Windows from the Bash Bunny's linux partition.


If you want to test smbserver.py, a good way is to test it by itself.

Make a new payload.txt and in it just put these lines.

LED SETUP
ATTACKMODE RNDIS_ETHERNET
sleep 5
LED ATTACK

When it is ready, connect to it with PuTTY from the Windows machine over SSH and log in.

At the login change to the root of the bashbunny "cd /".

Type the below.

python /tools/impacket/examples/smbserver.py 'test' './'

If you have to, add the smb2support param to the above line too.  Now, while smbserver has the terminal busy, launch an Explorer window and try to connect to the bashbunny IP and share.

\\bashbunnyip\test

You should be browsing the root of the bunny.  If you are, even with the smb2support switch, then impacket is working.  The issue might be the last param and the way it is formatted, which it is very picky about.  Always use the full path for smbserver to serve, like "/root/udisk/payloads/$SWITCH_POSITION/" or "/root/udisk/look/etc/etc../".  When you connect to smbserver, you have to use the share name you specified as the parameter.

 

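A pre-flight check for the two failure modes discussed in this thread (a share path that is not a full path or turns out to be empty, and Windows clients that refuse SMBv1), as an added shell example that is not part of any post above. The function name `smbserver_cmd` is hypothetical; the smbserver.py path and the `-smb2support` flag are the ones mentioned in the thread.

```shell
# Added example: validate a share before starting impacket's smbserver.py.
# SMBSERVER is the path used in the thread; smbserver_cmd is a hypothetical helper.
SMBSERVER="/tools/impacket/examples/smbserver.py"

# smbserver_cmd SHARE_NAME SHARE_DIR
# Prints the command line to run, or returns non-zero with the reason on stderr.
smbserver_cmd() {
    share=$1
    dir=$2
    if [ -z "$share" ] || [ -z "$dir" ]; then
        echo "usage: smbserver_cmd SHARE_NAME SHARE_DIR" >&2
        return 2
    fi
    # A relative path such as ./ depends on the current directory at launch,
    # so the server may end up exporting a different folder than intended.
    case "$dir" in
        /*) ;;
        *) echo "share path '$dir' is relative; use a full path" >&2
           return 3 ;;
    esac
    # A missing directory usually means a variable in the path did not expand.
    if [ ! -d "$dir" ]; then
        echo "share path '$dir' does not exist" >&2
        return 4
    fi
    # An empty directory is what a client sees as an empty share.
    if [ -z "$(ls -A "$dir")" ]; then
        echo "share path '$dir' is empty" >&2
        return 5
    fi
    # -smb2support lets clients that have SMBv1 disabled negotiate SMB2.
    printf 'python %s -smb2support %s %s\n' "$SMBSERVER" "$share" "$dir"
}
```

The client must then connect using the same share name passed as the first argument, for example `\\bashbunnyip\test`.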

Archived

This topic is now archived and is closed to further replies.
