In this article, we will learn how to gain control over our victim’s PC through SMB Port. There are various ways to do it and let take time and learn all those because different circumstances call for a different measure.

Table of Content

• Hydra
• X-Hydra
• Medusa
• Ncrack
• Metasploit

xHydra

This is the graphical version to apply dictionary attack via SMB port to hack a system. For this method to work:

Open xHydra in your Kali. And select Single Target option and there give the IP of your victim PC. And select smb in the box against Protocol option and give the port number 445 against the port option.

Now, go to Passwords tab and select Username List and give the path of your text file, which contains usernames, in the box adjacent to it. Then select Password List and give the path of your text file, which contains all the passwords, in the box adjacent to it.

After doing this, go to the Start tab and click on the Start button on the left. Now, the process of dictionary attack will start. Thus, you will attain the username as pc21 and password as 123 of your victim.

Hydra

This is one command method and works efficiently with not much work. This method works in the terminal of kali. Therefore, open the terminal in your kali and type:

1	hydra -L /root/Desktop/user.txt -P /root/Desktop/pass.txt 192.168.1.118 smb

Here,

-L –> denotes the path of username list

-P –> is to denote the path of the password

Once the commands are executed it will start applying the dictionary attack and so you will have the right username and password in no time. After a few minutes, Hydra cracks the credential, as you can observe that we had successfully grabbed the SMB username as pc21 and password as 123.

Ncrack

This too is a one command method which also works in the terminal of kali. Go to your terminal and type:

1	ncrack –U /root/Desktop/user.txt -P /root/Desktop/pass.txt 192.168.1.118 –p 445

Here,

 -U –> denotes the path of username list

-P –> denotes password file’s path

445 –> is the port number

And so, with little work, we can attain the password and username of our victim’s PC. Hence, all the methods to hack a system through SMB port which is used for file sharing

Medusa

Medusa is a speedy, parallel, and modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible Run the following command

1	medusa -h 192.168.1.118 -U /root/Desktop/user.txt -P /root/Desktop/pass.txt -M smbnt

Now, the process of dictionary attack will start. Thus, you will attain the username and password of your victim.

Metasploit

This module will test an SMB login on a range of machines and report successful logins. If you have loaded a database plugin and connected to a database this module will record successful logins and hosts so you can track your access.

Once the Metasploit opens type:

1 2 3 4 5 6

use auxiliary/scanner/smb/smb_loginmsf exploit (smb_login)>set rhosts 192.168.1.118msf exploit (smb_login)>set user_file /root/Desktop/user.txtmsf exploit (smb_login)>set pass_file /root/Desktop/pass.txtmsf exploit (smb_login)>set stop_on_success truemsf exploit (smb_login)>exploit

Here,

auxiliary/scanner/smb/smb_login—> is a module we will use to attempt to login

/root/Desktop/user.txt –> is the path of a text file which is the resident of all the possible usernames.

/root/Desktop/pass.txt –> is the path of a text file in which all the possible passwords resides.

Now, the process of dictionary attack will start. Thus, you will attain the username and password of your victim.

Author: Aarti Singh is a Researcher and Technical Writer at Hacking Articles