Identifying Hosts with Blank, Local, Administrator Passwords

Aug 11, 2018 01:50 PM

I'm aware that a handful of servers I have access to have not had their local Administrator accounts set on them; type in administrator, press return and you're in.

I've been playing around with Metasploit and the smb_login auxiliary scanner.

I have a known test host I can log in to with administrator and blank, but I just can't get Metasploit to feed back properly.

I'm using the following options:

BLANK_PASSWORDS true

SMBDomain . (which is the default, I'm thinking this is fine given it's a local administrator account)

SMBPass (set to nothing e.g. blank)

SMBUser Administrator

The output is as follows...

* x.x.x.x:445 - x.x.x.x:445 - Starting SMB login bruteforce

* x.x.x.x:445 - x.x.x.x:445 - This system does not accept authentication with any credentials, proceeding with brute force

* x.x.x.x:445 - x.x.x.x:445 - Correct credentials, but unable to login: '.\administrator:',

* x.x.x.x:445 - Scanned 1 of 1 hosts (100% complete)

* Auxiliary module execution completed

So my question really is, how can I easily record the fact the correct credentials were used / accepted, as I have a couple of hundred machines to cover?

Also, any ideas why it was unable to login given the credentials were correct and that I can navigate to shares without issue from another Windows box?
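One way to turn saved console output in the format quoted above into a list of hosts whose local Administrator password still needs setting, as an added example that is not part of the original post. The sample lines and 192.0.2.x addresses are constructed, and only the result wording shown in the post is matched.

```python
import csv
import io
import re

# Result phrase copied from the module output quoted in the post; extend this
# tuple if your own console output reports accepted credentials differently.
ACCEPTED_MARKERS = ("Correct credentials, but unable to login",)

# host:port - host:port - <message>: '<domain>\<user>:<password>'
LINE_RE = re.compile(
    r"(?P<host>[0-9A-Za-z.\-]+):(?P<port>\d+)\s+-\s+(?P=host):(?P=port)\s+-\s+"
    r"(?P<msg>[^:]+):\s+'(?P<domain>[^\\']*)\\(?P<user>[^:']*):(?P<password>[^']*)'"
)

# Constructed sample input (documentation addresses, not real hosts).
SAMPLE = r"""
* 192.0.2.10:445 - 192.0.2.10:445 - Starting SMB login bruteforce
* 192.0.2.10:445 - 192.0.2.10:445 - Correct credentials, but unable to login: '.\administrator:',
* 192.0.2.11:445 - 192.0.2.11:445 - This system does not accept authentication with any credentials, proceeding with brute force
* 192.0.2.12:445 - 192.0.2.12:445 - Correct credentials, but unable to login: '.\Administrator:',
* 192.0.2.10:445 - 192.0.2.10:445 - Correct credentials, but unable to login: '.\administrator:',
"""

def accepted_blank_logins(console_text):
    """Return sorted, de-duplicated (host, port, domain, user) rows where an
    empty password was reported as correct."""
    found = set()
    for line in console_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["msg"].strip() not in ACCEPTED_MARKERS:
            continue  # banner, status or non-matching result line
        if m["password"] != "":
            continue  # only blank-password findings are of interest here
        found.add((m["host"], int(m["port"]), m["domain"], m["user"].lower()))
    return sorted(found)

def to_csv(rows):
    """Render the findings as CSV text for a remediation ticket or spreadsheet."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["host", "port", "domain", "user"])
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(accepted_blank_logins(SAMPLE)), end="")
```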
