A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Getting the goods with smbexec - Eric Milam & Martin Bos Derbycon 2013 (Hacking Illustrated Series InfoSec Tutorial Videos)

Getting the goods with smbexec - Eric Milam & Martin Bos
Derbycon 2013

Description: “Individuals often upload and execute a payload to a remote system during penetration tests for foot printing, gathering information, and to compromise additional hosts. When trying to remain stealthy, uploading a shell to a target may not be wise. smbexec takes advantage of native Windows functionality and SMB authentication to execute commands on remote Windows systems without having to upload a payload, decreasing the likelihood of being stopped by AntiVirus. The original intent of creating smbexec was to upload and execute obfuscated payloads using samba tools. Since the first PoC, it has expanded its capability to do more, including dumping local and domain cached password hashes, clear text passwords from memory, and stealing the NTDS.dit file from a Windows Domain controller all without the need for a shell on the victim. We will explore the creation of smbexec, the components behind it, and how to leverage its functionality to get the goods from a system without having to use a payload.”

Bio: Eric is a principal security assessor on the Accuvant LABS enterprise assessment team with over fifteen (15) years of experience in information technology. Eric has performed innumerable consultative engagements including enterprise security and risk assessments, perimeter penetration testing, vulnerability assessments, social engineering, physical security testing, wireless assessments and extensive experience in PCI compliance controls and assessments. Eric is a project steward for the Ettercap project as well as creator and developer of the easy-creds and smbexec projects.
Martin Bos is a consultant with the Accuvant LABS Attack & Penetration team and has multiple years of experience in the Information Security industry. Martin Bos is also a developer for the Kali-Linux project and one of the founders of Derbycon. Martin is rumored to have feelings but this can neither be confirmed nor denied.

Back to Derbycon 2013 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast