smbexec fun

Just another blog post about the basics and tools I find useful. If you’re a pentester and you’re not using smbexec, you might be wasting some time and missing out on a well-written and very helpful tool.

smbexec is available here; it was written by Eric Milam (Brav0Hax) & Martin Bos (purehate_).

A few of the key features:

  • Enumerate systems with domain admin logged in
  • Grab hashes
  • Dump cleartext credentials
  • Pop shells

All done over SMB.

Menu Layout

[Screenshots: Main Menu, Enumeration Menu, Exploitation Menu, Obtain Hashes Menu]

A simple example: the assumption is that you have already compromised a host, obtained an administrator hash, and plan to replay the hash against other hosts.

Identify Hosts

Identify hosts with SMB listening


Enumerate Shares

Enumerating Shares


Launching a Meterpreter session over SMB

Configuring Payload


Meterpreter payload being built

Metasploit handler being launched


SMBExec Uploading and Executing


Sessions :-)


That should cover some basic usage. For extensive video tutorials, check out –
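Seen from the defender's side, replaying one administrator hash against several hosts, as in the walkthrough above, shows up as NTLM network logons (Security event 4624, logon type 3) for the same account from one source address on many machines within minutes. The Python sketch below is an added example, not part of the original post or of smbexec; the event tuples, host names, window and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data: flattened Security 4624 (logon) events, one tuple per
# event: (TimeCreated, Computer, TargetUserName, LogonType,
#         AuthenticationPackageName, IpAddress)
EVENTS = [
    ("2024-01-10T09:00:05", "WS01", "Administrator", 3, "NTLM", "10.0.0.50"),
    ("2024-01-10T09:00:09", "WS02", "Administrator", 3, "NTLM", "10.0.0.50"),
    ("2024-01-10T09:00:14", "FS01", "Administrator", 3, "NTLM", "10.0.0.50"),
    ("2024-01-10T09:01:02", "DC01", "administrator", 3, "NTLM", "10.0.0.50"),
    ("2024-01-10T09:02:00", "FS01", "jsmith", 3, "Kerberos", "10.0.0.21"),
    ("2024-01-10T09:02:03", "WS02", "jsmith", 3, "Kerberos", "10.0.0.21"),
    ("2024-01-10T09:02:07", "DC01", "jsmith", 3, "Kerberos", "10.0.0.21"),
    ("2024-01-10T09:00:00", "FS01", "svc_backup", 3, "NTLM", "10.0.0.30"),
    ("2024-01-10T11:00:00", "WS01", "svc_backup", 3, "NTLM", "10.0.0.30"),
    ("2024-01-10T14:00:00", "WS02", "svc_backup", 3, "NTLM", "10.0.0.30"),
    ("2024-01-10T09:03:00", "WS01", "Administrator", 2, "Negotiate", "127.0.0.1"),
    ("2024-01-10T09:03:30", "FS01", "WS01$", 3, "NTLM", "10.0.0.11"),
]

def find_ntlm_fanout(events, window=timedelta(minutes=10), min_hosts=3):
    """Map (user, source_ip) -> hosts where that account made NTLM network
    logons from one source to >= min_hosts distinct hosts inside `window`."""
    by_key = defaultdict(list)
    for ts, computer, user, logon_type, auth_pkg, src in events:
        if logon_type != 3 or auth_pkg.upper() != "NTLM":
            continue  # only network logons authenticated with NTLM
        if user.endswith("$") or src in ("", "-", "127.0.0.1", "::1"):
            continue  # skip machine accounts and local/unknown sources
        by_key[(user.lower(), src)].append((datetime.fromisoformat(ts), computer.lower()))
    alerts = {}
    for key, hits in by_key.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            hosts = {host for _, host in hits[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts[key] = sorted(hosts | set(alerts.get(key, [])))
    return alerts

if __name__ == "__main__":
    for (user, src), hosts in find_ntlm_fanout(EVENTS).items():
        print(f"ALERT {user} from {src}: NTLM network logons on {', '.join(hosts)}")
```

Known administrative jump hosts and vulnerability scanners produce the same pattern, so an allow-list of expected source addresses keeps the alert usable.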

One comment on “smbexec fun”
  1. Krypsys says:

    good blog in terms of the basics. It is a great tool for seeing where you can improve, pentesting.
