
Smbexec Install for Kali 2016.2


This is my how-to current as of August 31, 2017.

Context
Kali Linux 2016.2 after:
apt-get update
apt-get upgrade
apt-get dist-upgrade
apt auto-remove
restart

Reason
Training, see: https://www.cybrary.it/course/advanced-penetration-testing/
Video: https://www.cybrary.it/video/post-exploitation-part-4/

Downloads

cd /opt
git clone https://github.com/pentestgeek/smbexec.git
git clone https://github.com/libyal/libesedb.git
git clone https://github.com/csababarta/ntdsxtract /opt/NTDSXtract
wget https://raw.githubusercontent.com/infoassure/dumpntds/master/dshashes.py -O /opt/NTDSXtract/dshashes.py


Install Required Tools/Libraries

apt-get install automake autoconf autopoint gcc-mingw-w64-x86-64 libtool pkg-config passing-the-hash ruby-nokogiri ruby-libxml libxml2-dev libxslt1-dev



Build libesedb

cd /opt/libesedb/
./synclibs.sh
./autogen.sh
./configure
make

Install Bundler
gem install bundler
 
Install Smbexec

First edit the file /opt/smbexec/smbexec.yml
Update the paths as follows:

mingw: /usr/bin/x86_64-w64-mingw32-gcc
esedbexport: /opt/libesedb/esedbtools/esedbexport

Then
cd /opt/smbexec/

bundle install

./install.sh






Some external executables are missing:
ln -s /usr/bin/pth-winexe /opt/smbexec/progs/smbwinexe
ln -s /usr/bin/pth-smbclient /opt/smbexec/progs/smbexeclient




Done install.
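
A post-install check for the steps above, added here as an example (it is not part of smbexec or of the original how-to). It assumes smbexec.yml keeps each path as an unquoted "key: value" line, as in the snippet above; the function names and the SMBEXEC_DIR variable are made up for this example.

```sh
#!/bin/sh
# Added example: post-install check for the smbexec setup described above.
# Assumption: smbexec.yml stores each path as an unquoted "key: value" line.

SMBEXEC_DIR="${SMBEXEC_DIR:-/opt/smbexec}"

# Print the value of the first "key: value" line for key $2 in file $1.
yml_value() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# True if $1 resolves (through any symlinks) to an executable regular file.
is_exec() {
    [ -f "$1" ] && [ -x "$1" ]
}

# Check the config paths and the two symlinks; returns the number of failures.
verify_install() {
    dir="${1:-$SMBEXEC_DIR}"
    cfg="$dir/smbexec.yml"
    fails=0
    if [ ! -r "$cfg" ]; then
        echo "FAIL  cannot read $cfg"
        return 1
    fi
    for key in mingw esedbexport; do
        target=$(yml_value "$cfg" "$key")
        if [ -n "$target" ] && is_exec "$target"; then
            echo "OK    $key: $target"
        else
            echo "FAIL  $key: ${target:-<not set>} is not an executable file"
            fails=$((fails + 1))
        fi
    done
    for name in smbwinexe smbexeclient; do
        link="$dir/progs/$name"
        if is_exec "$link"; then
            echo "OK    $link"
        else
            echo "FAIL  $link is missing or does not resolve to an executable"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Run only where the install directory exists.
if [ -d "$SMBEXEC_DIR" ]; then
    verify_install "$SMBEXEC_DIR" || echo "$? check(s) failed"
fi
```

A FAIL on mingw or esedbexport points back at the smbexec.yml edit or the libesedb build; a FAIL on a progs entry points at the ln -s step.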

Installation Troubleshooting
I was getting an error in utils.rb with one of my installs.
The error had to do with this line:
self.gsub!(/[\xef|\xbb|\xbf]/, '')
The solution was to double backslash the bytes like this:
self.gsub!(/[\\xef|\\xbb|\\xbf]/, '')

I see with this install that someone replaced the line with this:
self.gsub!(/[\x00ef|\x00bb|\x00bf]/, '')

I found it advantageous to run the bundle install ahead of the install.sh. There were a number of libraries that had to be installed that the Bundler was not able to manage on its own.
You have to examine the errors indicated by Bundler and look for those libraries and install them.
The process looks like this for example:
Missing libxml2 indicated in bundle install output.
apt-cache search libxml2
--- snip ---
libxml2-dev - Development files for the GNOME XML library
--- snip ---
apt-get install libxml2-dev


Summary
I hope this helps you now or some time in the future. Feel free to replicate this how-to for fame or posterity, or to update it to include resolutions for new issues.

Rob
