Path: blob/master/documentation/modules/auxiliary/scanner/dcerpc/petitpotam.md
Vulnerable Application
Coerce an authentication attempt over SMB to other machines via MS-EFSRPC methods.
Verification Steps
Example steps in this format (is also in the PR):
1. Install the application
2. Start msfconsole
3. Do: `use auxiliary/scanner/dcerpc/petitpotam`
4. Set the `RHOSTS` and `LISTENER` options
5. (Optional) Set the `SMBUser`, `SMBPass` for authentication
6. (Optional) Set the `PIPE` and `METHOD` options to adjust the trigger vector
7. Do: `run`
Options
LISTENER
The host listening for the incoming connection. The target will authenticate to this host using SMB. The listener host should be hosting some kind of capture or relaying service.
PIPE
The named pipe to use for triggering.
METHOD
The RPC method to use for triggering. If 'Automatic' is selected, then all methods will be tried until one appears successful.
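A defender-side view of the behaviour the LISTENER option describes, as an added example that is not part of the Metasploit module or its documentation: it correlates an inbound open of an EFSRPC-capable named pipe on a server with an outbound SMB connection that server makes shortly afterwards to a host it does not normally talk to. The event field names, the watched pipe set, the 30-second window, the allowlist and all sample events are assumptions constructed for illustration; map them to your own share-access and network-connection logs.

```python
from datetime import datetime, timedelta

# Assumption: pipes over which MS-EFSRPC is exposed; tune for your environment.
WATCHED_PIPES = {"efsrpc", "lsarpc"}
WINDOW = timedelta(seconds=30)  # assumed correlation window
SMB_PORT = 445


def find_coerced_auth(pipe_opens, outbound, expected_peers):
    """Return (server, client, pipe, destination) tuples worth investigating.

    pipe_opens:     dicts with time, server, client, pipe (inbound pipe opens)
    outbound:       dicts with time, server, dst, port (connections the server made)
    expected_peers: hosts the servers legitimately reach over SMB
    """
    hits = []
    for conn in sorted(outbound, key=lambda e: e["time"]):
        # Only outbound SMB to a host outside the allowlist is interesting.
        if conn["port"] != SMB_PORT or conn["dst"] in expected_peers:
            continue
        for op in pipe_opens:
            delta = conn["time"] - op["time"]
            if (op["server"] == conn["server"]
                    and op["pipe"].lower() in WATCHED_PIPES
                    and timedelta(0) <= delta <= WINDOW):
                hits.append((conn["server"], op["client"], op["pipe"], conn["dst"]))
    return hits


def _t(s):
    return datetime.strptime(s, "%H:%M:%S")


# Constructed sample events (documentation address range, not real logs).
SAMPLE_PIPE_OPENS = [
    {"time": _t("10:00:00"), "server": "192.0.2.10", "client": "192.0.2.50", "pipe": "lsarpc"},
    {"time": _t("10:05:00"), "server": "192.0.2.10", "client": "192.0.2.60", "pipe": "srvsvc"},
    {"time": _t("10:20:00"), "server": "192.0.2.10", "client": "192.0.2.70", "pipe": "efsrpc"},
]
SAMPLE_OUTBOUND = [
    {"time": _t("10:00:02"), "server": "192.0.2.10", "dst": "192.0.2.50", "port": 445},
    {"time": _t("10:05:01"), "server": "192.0.2.10", "dst": "192.0.2.60", "port": 445},
    {"time": _t("10:20:03"), "server": "192.0.2.10", "dst": "192.0.2.20", "port": 445},
    {"time": _t("10:20:04"), "server": "192.0.2.10", "dst": "192.0.2.70", "port": 443},
]
EXPECTED_PEERS = {"192.0.2.20"}  # assumed: another DC or file server

if __name__ == "__main__":
    for hit in find_coerced_auth(SAMPLE_PIPE_OPENS, SAMPLE_OUTBOUND, EXPECTED_PEERS):
        print("possible coerced SMB authentication:", hit)
```

Opens of `lsarpc` are routine on a domain controller, so the pipe open alone is not a signal; the pairing with outbound SMB to an unexpected host is what narrows it.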
Scenarios
Windows Server 2019
In this case, Metasploit is hosting an SMB capture server to log the incoming credentials from the target machine account. The target is a 64-bit Windows Server 2019 domain controller.