Hi > On 08 Aug 2016, at 16:42 , Eero Volotinen <[email protected]> wrote: > > You are sensoring the input, so it's bit hard to guess the parameters.
Just the IP address. If the server is really vulnerable it would be unwise to tell it to the whole world > > try something like smbclient //ip.address/sharename -U admin%admin or > smbclient //ip.address/c$ -U admin%admin $ smbclient //*/climbing -U admin%admin Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8] tree connect failed: NT_STATUS_ACCESS_DENIED $ smbclient //*/c$ -U admin%admin Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8] tree connect failed: NT_STATUS_BAD_NETWORK_NAME It is not a problem with the smbclient syntax. I can also try to mount the share with an OS X or Windows machine. Same result. Matteo > > 2016-08-08 17:22 GMT+03:00 Corti Matteo (ID BD) <[email protected] > <mailto:[email protected]>>: > Hi > > it is strange but OK according to the man page > > smbclient {servicename} [password] [-b <buffer size>] [-d debuglevel] [-e] > [-D Directory] [-U username] [-W workgroup] [-M <netbios name>] [-m > maxprotocol] [-A authfile] [-N] [-C] [-g] > [-l log-basename] [-I destinationIP] [-E] [-c <command string>] [-i > scope] [-O <socket options>] [-p port] [-R <name resolve order>] [-s <smb > config file>] [-t <per-operation timeout in seconds>] > [-T<c|x>IXFqgbNan] [-k] > > In any case also supplying the password manually gives the same result > > $ smbclient //*/climbing -U admin > Enter admin's password: > Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8] > tree connect failed: NT_STATUS_ACCESS_DENIED > > Matteo > > >> On 08 Aug 2016, at 16:18, Eero Volotinen <[email protected] >> <mailto:[email protected]>> wrote: >> >> Your smbclient syntax looks incorrect. Please check out the manpage.. >> >> Eero >> >> >> 8.8.2016 5.14 ip. "Corti Matteo (ID BD)" <[email protected] >> <mailto:[email protected]>> kirjoitti: >> Hi >> >> a recent scan shows a lot of hosts with >> >> SMB Brute Force Logins With Default Credentials (OID: >> 1.3.6.1.4.1.25623.1.0.804449) >> <https://matteo.ethz.ch:9392/omp?cmd=get_info&info_type=nvt&info_id=1.3.6.1.4.1.25623.1.0.804449&token=8625b2bf-59ca-4554-917f-e9d27a4e09c4> >> >> with the following result >> >> Vulnerability Detection Result >> It was possible to login with the following credentials via the SMB >> protocol. <User>:<Pass↵ >> word> >> >> admin:admin >> >> I am trying to check with smbclient and I don’t succeed >> >> $ smbclient //***.***.***.***/climbing admin -U admin >> Domain=[D] OS=[Unix] Server=[Samba 3.6.23-35.el6_8] >> tree connect failed: NT_STATUS_ACCESS_DENIED >> >> What am I missing? >> >> Regards >> >> Matteo >> >> -- >> ETH Zurich, Dr. Matteo Corti, Leiter ID Basisdienste >> STB H 11.1, Stampfenbachstrasse 69, 8092 Zurich >> Tel +41 44 63 27944, http://www.id.ethz.ch <http://www.id.ethz.ch/> >> >> _______________________________________________ >> Openvas-discuss mailing list >> [email protected] >> <mailto:[email protected]> >> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss >> <https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss> > > -- > ETH Zurich, Dr. Matteo Corti, Leiter ID Basisdienste > STB H 11.1, Stampfenbachstrasse 69, 8092 Zurich > Tel +41 44 63 27944, http://www.id.ethz.ch <http://www.id.ethz.ch/> > -- ETH Zurich, Dr. Matteo Corti, Leiter ID Basisdienste STB H 11.1, Stampfenbachstrasse 69, 8092 Zurich Tel +41 44 63 27944, http://www.id.ethz.ch
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
