August 3, 2021
Find SMB Vulnerabilities with Nmap
In this tutorial, we will see how to perform a nmap scan that can find SMB vulnerabilities in the target. We will see how to use various nmap scripts to determine these SMB vulnerabilities.
This nmap command runs all the SMB vulnerability scripts smb-vuln-* against the target. This script requires the SMB port (port 445) to be open. We can see that the target is vulnerable to "ms08-067" and "ms17-010".
This shows all the SMB vulnerability scripts that will be run against the target.
You can follow me on Twitter mujtabareads.
- Escalate a Regular Shell to Meterpreter Shell
- Reading Outlook Files in Terminal
- Escalating Privileges with Metasploit's Local Exploit Suggester
- Simple wget PowerShell Script
- PsExec in Linux
- Eternal Blue Exploitation with Metasploit
- Exploit EternalBlue with Custom Exploit - 1
- Exploit EternalBlue with Custom Exploit - 2
- Local Privilege Escalation on Linux Kernel < 4.4.0-116
- Extract Passwords from Firefox Profile
- Escalate Privileges via pip
- Escalate Privileges by Modifying the /etc/passwd File
- wp_admin_shell_upload
- Extract Passwords with LaZagne
- Bruteforce Windows Server SMB Credentials with Medusa
- Brute Force Windows Server SMB Credentials with Hydra
- Brute Force Windows Server SMB Credentials with NCrack
- Brute Force Windows Server SMB Credentials with CrackMapExec
- Brute Force Windows Server SMB Credentials with Metasploit
- Exploit PrintNightmare