Pasar archivos de Linux (Kali) a Windows puede ser un problema durante un pentest. Claramente no puedes solo llegar con un USB ja.
Hoy les mostraré mi método favorito.
Usaremos Impacket más concretamente “impacket-smbserver” para hacer un share desde donde podemos transferir o hasta ejecutar archivos. Las opciones son:
root@kali:~/Desktop# impacket-smbserver
Impacket v0.9.20 - Copyright 2019 SecureAuth Corporation
usage: smbserver.py [-h] [-comment COMMENT] [-username USERNAME]
[-password PASSWORD] [-hashes LMHASH:NTHASH] [-debug]
[-ip INTERFACE_ADDRESS] [-port PORT] [-smb2support]
shareName sharePath
This script will launch a SMB Server and add a share specified as an argument.
You need to be root in order to bind to port 445. No authentication will be
enforced. Example: smbserver.py -comment 'My share' TMP /tmp
positional arguments:
shareName name of the share to add
sharePath path of the share to add
optional arguments:
-h, --help show this help message and exit
-comment COMMENT share's comment to display when asked for shares
-username USERNAME Username to authenticate clients
-password PASSWORD Password for the Username
-hashes LMHASH:NTHASH
NTLM hashes for the Username, format is LMHASH:NTHASH
-debug Turn DEBUG output ON
-ip INTERFACE_ADDRESS, --interface-address INTERFACE_ADDRESS
ip address of listening interface
-port PORT TCP port for listening incoming connections (default
445)
-smb2support SMB2 Support (experimental!)
Lo más sencillo durante un pentest es compartir todo tu root directory pero aja, es peligroso.
root@kali:~/Desktop# impacket-smbserver 'prueba' /
Para acceder desde windows puede ser desde el command line
C:\Users\victim>dir \2.16.138.129\prueba Volume in drive \2.16.138.129\prueba has no label. Volume Serial Number is ABCD-EFAA Directory of \2.16.138.129\prueba 11/11/2019 01:48 AM <DIR> . 11/11/2019 01:48 AM <DIR> .. 10/26/2019 03:53 PM <DIR> lib64 11/11/2019 12:26 AM <DIR> opt 09/16/2019 02:58 PM 24,932 index.html 10/26/2019 03:59 PM <DIR> sbin
o el GUI
