smbetray: SMB MiTM tool with a focus on attacking clients
by do son
SMBetray
SMB MiTM tool with a focus on attacking clients through file content swapping, lnk swapping, as well as compromising any data passed over the wire in cleartext.
Version 1.0.0. This tool is a PoC to demonstrate the ability of an attacker to intercept and modify insecure SMB connections, as well as compromise some secured SMB connections if credentials are known.
Notice:
More information to come – currently the tool does not support SMBv1-only connections, which is not a problem 99% of the time.
Features
- Passively download any file sent over the wire in cleartext
- Downgrade clients to NTLMv2 instead of Kerberos
- Inject files into directories when viewed by a client
- Replace all files with an LNK with the same name to execute a provided command upon clicking
- Replace only executable files with an LNK with the same name to execute a provided command upon clicking
- Replace files with extension X with the contents of the file with extension X in the local provided directory
- Replace files with the case-insensitive name X with the contents of the file sharing the same name in the provided directory
Download
git clone https://github.com/quickbreach/SMBetray.git
cd SMBetray
bash install.sh
Use
./smbetray.py --help
Copyright (C) 2018 quickbreach
Source: https://github.com/quickbreach/