SMB and RPC Pentesting?

[tylenol187]

please delete this thread..

[imported___CG__]

unless someone has intentionally shared the whole drive you have to be an admin to access C$ ADMIN$ etc that's a windows default.

[tylenol187]

so, there's no way around this? oh well i guess, stupid question. i think ill try to create some kind of script that i can put into the public share that will get me the admin password or create a new admin account for me. anyways, later...

[KMDave]

Hey folks, I've recently been trying to run some tests on my network, just to learn some more about security and all. I'm kinda stuck and not sure where to go next and I've been searching the forums the net and can't find anything to help me. A box on my network has ports 135 and 139 open and i can connect to see the SMB shares on the said computer, but when i try to open the C$ directory share, it asks for username and password. Is there any way to get around this? I figure i should find out what version of SMB and RPC the computer was running so I could try to find some vulnerabilities, but I have no idea about how to go about this. I know this is a really n00b question, but I'm trying to learn. Anyways, can anyone point me in th right direction? I'm not asking for a direct answer, just perhaps a link to something that i can read up on that might help. I've tried using each of the tools under the SMB Analysis folder but I've had no luck... Any help would be much appreciated. Thanks

If it is on your network, shouldn't you know the version?

[tylenol187]

If it is on your network, shouldn't you know the version?

yes, but i'm just fooling around with the network for education's sake. instead of getting into trouble on someone else's network.

[KMDave]

Well if it is your network and your machine you are playing around with and don't know how to figure out the samba version you should go and learn some more about Linux in general before getting back to Backtrack.
It won't be any good if you just learn to click on some buttons and maybe it's working and maybe it's not.
Learn why and how it is working. But before you can learn more about the tools provided with BT learn about Linux, it's commands and applications. It will help a lot.

[tylenol187]

Well if it is your network and your machine you are playing around with and don't know how to figure out the samba version you should go and learn some more about Linux in general before getting back to Backtrack.
It won't be any good if you just learn to click on some buttons and maybe it's working and maybe it's not.
Learn why and how it is working. But before you can learn more about the tools provided with BT learn about Linux, it's commands and applications. It will help a lot.

^noted...however...even though i'm new to backtrack and this forum, im not necessarily new to linux. albeit, im not a linux wizard by any means. i have in fact set up my own samba server on linux and freebsd among other types of servers before, and they were working prefectly with windows machines on the same network. furthermore, slackware has been my distro of choice for the past couple years. im trying to learn more about backtrack, thats why im posting in this forum. i could've posted this in any
other forum i suppose, but i figured, since im using backtrack why not post in the remote-exploit forum?

im not trying to come off as defensive or argumentative, but when you said, "It won't be any good if you just learn to click on some buttons and maybe it's working and maybe it's not." i did take offense. that's not at all what im trying to do.

i want to learn how stuph works, and i apologize if my original post sounded like i was trying to get a quick and easy answer for a complicated question. i did take a long break from using computers in general, let alone linux, so my knowledge has diminished a bit. anyways, i will do some reading up on SMB and RPC to learn more before i post on this subject again.

[KMDave]

Sorry if it offended you, it was not meant to.

Often people here ask questions and have no to little knowledge of Linux. Same goes for the questions where they want to be spoonfed.

And some people try to get some info on how to automated get into "their" network. Since you are quite new to the forums, don't see it as a personal thing, but more like a sceptical point of view (just have a look into the idiot's corner for some examples).

[tylenol187]

Sorry if it offended you, it was not meant to.

Often people here ask questions and have no to little knowledge of Linux. Same goes for the questions where they want to be spoonfed.

And some people try to get some info on how to automated get into "their" network. Since you are quite new to the forums, don't see it as a personal thing, but more like a sceptical point of view (just have a look into the idiot's corner for some examples).

its kool. yeah i can understand the skeptical point of view, there seems to be tons a ppl coming to this forum trying to get a post-by-post guide to "hacking" computers. oh well...