Options
OSCP newbie and SMB frustration
mabraFoo
Member Posts: 23 ■□□□□□□□□□
I am starting the OSCP on April 18th. Anyone else recently started or going to start in April? I spent the last 2 days trying to get an smb hidden share "attack" to work using ncrack smb_brute and smbclient against a windows xp sp3 VM (website modern.ie) . So far nothing has worked even when I provide the admin username and password! 
XP firewall is disabled. As far as I can see it is because of this setting -->"sharing and security model for local accounts" being set to "guest only local users authenticate as guest".
This makes it so that linux or windows users can't pass a username to connect to a hidden share. The username field is hard coded to username guest and guest can't access hidden shares. Even though I wasn't able to crack my XP VM yet, I have learned a lot about smb brute force attacks.
Anyway, It would be good to know who is part of the OSCP class of ~March/April 2015. As some of you already know, it can get really frustrating when you spend a lot of hours and don't reach the root shell. Helping each other to know what to focus on and what may not be worth the time will be very valuable.
mabraFoo
BS/MS Computer Science
15 year MSSQL / Oracle DBA
XP firewall is disabled. As far as I can see it is because of this setting -->"sharing and security model for local accounts" being set to "guest only local users authenticate as guest".
This makes it so that linux or windows users can't pass a username to connect to a hidden share. The username field is hard coded to username guest and guest can't access hidden shares. Even though I wasn't able to crack my XP VM yet, I have learned a lot about smb brute force attacks.
Anyway, It would be good to know who is part of the OSCP class of ~March/April 2015. As some of you already know, it can get really frustrating when you spend a lot of hours and don't reach the root shell. Helping each other to know what to focus on and what may not be worth the time will be very valuable.
mabraFoo
BS/MS Computer Science
15 year MSSQL / Oracle DBA
Comments
-
Options
YFZblu
Member Posts: 1,462 ■■■■■■■■□□
It's very difficult to help without knowing your XP configuration or the syntax you're using during these attacks. The fact that you are failing using valid system credentials makes me think something may be up with your XP configuration or command-line syntax. -
OptionsmabraFoo
Member Posts: 23 ■□□□□□□□□□
It's all right, I am 99.9 % sure it is caused by this security policy setting -> sharing and security model for local accounts" being set to "guest only local users authenticate as guest". When I try to connect to the C$ hidden share from another xp machine, the guest username is set and is grayed out. The setting forces everyone to connect as the guest user.