This exploit train is relatively simple, but we can automate a portion of it with the Metasploit Remote Procedure Call (MSFRPC). This script will use the nmap library to scan for hosts with port 445 open, then generate a list of targets to test using a username and password passed to the script as arguments. The script will use the same smb_enumusers_domain module to identify boxes on which the credentials are reused and other viable users are logged in. First, we need to install the SpiderLabs msfrpc library for Python. This library can be found at https://github.com/SpiderLabs/msfrpc.git.
Note
A GitHub repository for the book can be found at https://github.com/funkandwagnalls/pythonpentest, and within it is a setup file that can be run to install all the necessary packages, libraries, and resources.
The script we are creating uses the netifaces library to identify which interface IP addresses belong to your host. It then scans for port 445, the SMB port, on...
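To illustrate the interface-discovery step described above, here is an added example (not code from the book or its repository) that turns the address entries netifaces reports for each local interface into the IPv4 networks the host is attached to, discarding loopback and link-local entries. The interface dictionary shape and the sample values are constructed; the netifaces calls (`interfaces()`, `ifaddresses()`, `AF_INET`) are the library's real API and are used only when the library is installed.

```python
import ipaddress

# Constructed sample in the shape of {iface: netifaces.ifaddresses(iface)[AF_INET]}:
# loopback, a LAN adapter, and an adapter that only has a link-local address.
SAMPLE_IFACES = {
    "lo": [{"addr": "127.0.0.1", "netmask": "255.0.0.0"}],
    "eth0": [{"addr": "192.168.1.37", "netmask": "255.255.255.0"}],
    "eth1": [{"addr": "169.254.10.5", "netmask": "255.255.0.0"}],
}


def local_networks(ifaces):
    """Return the sorted IPv4 networks for a mapping of
    {interface: [{"addr": ..., "netmask": ...}, ...]}, skipping loopback
    and link-local addresses, which are not meaningful network ranges."""
    nets = set()
    for entries in ifaces.values():
        for entry in entries:
            try:
                iface = ipaddress.IPv4Interface(f"{entry['addr']}/{entry['netmask']}")
            except (KeyError, ValueError):
                continue  # entry lacks addr/netmask or is not a valid IPv4 pair
            if iface.ip.is_loopback or iface.ip.is_link_local:
                continue
            nets.add(iface.network)  # host bits are dropped, e.g. 192.168.1.0/24
    return sorted(nets)


def host_ifaces():
    """Collect IPv4 entries per interface via netifaces; fall back to the
    constructed sample when the library is not installed."""
    try:
        import netifaces
    except ImportError:
        return SAMPLE_IFACES
    result = {}
    for name in netifaces.interfaces():
        result[name] = netifaces.ifaddresses(name).get(netifaces.AF_INET, [])
    return result


if __name__ == "__main__":
    for net in local_networks(host_ifaces()):
        print(net)
```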