smbetray: SMB MiTM tool with a focus on attacking clients

SMBetray

SMB MiTM tool with a focus on attacking clients through file content swapping and LNK swapping, as well as by compromising any data passed over the wire in cleartext.

Version 1.0.0. This tool is a PoC to demonstrate the ability of an attacker to intercept and modify insecure SMB connections, as well as compromise some secured SMB connections if credentials are known.

Notice:

More information to come. Currently the tool does not support SMBv1-only connections, which is not a problem 99% of the time.

Features

  • Passively download any file sent over the wire in cleartext
  • Downgrade clients to NTLMv2 instead of Kerberos
  • Inject files into directories when viewed by a client
  • Replace all files with an LNK with the same name to execute a provided command upon clicking
  • Replace only executable files with an LNK with the same name to execute a provided command upon clicking
  • Replace files with extension X with the contents of the file with extension X in the local provided directory
  • Replace files with the case-insensitive name X with the contents of the file sharing the same name in the provided directory

Download

git clone https://github.com/quickbreach/SMBetray.git
cd SMBetray
bash install.sh

Use

./smbetray.py --help

Copyright (C) 2018 quickbreach

Source: https://github.com/quickbreach/