Introduction to keimpx

keimpx is an open source tool, released under a modified version of the Apache License 1.1.

It can be used to quickly check for valid credentials across a network over SMB. Credentials can be:

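If any valid credentials are discovered across the network after the attack phase, the user is asked to choose which host to connect to and which valid credentials to use, and is then prompted with an interactive SMB shell,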

Source: https://github.com/inquisb/keimpx
keimpx homepage
keimpx source code repository

Tools included in the keimpx package

keimpx - Check for valid credentials across a network over SMB

:~# keimpx -h

    keimpx 0.3-dev
    by Bernardo Damele A. G. <>
   
Usage: ./keimpx.py [options]

Options:
  --version       show program's version number and exit
  -h, --help      show this help message and exit
  -v VERBOSE      Verbosity level: 0-2 (default: 0)
  -t TARGET       Target address
  -l LIST         File with list of targets
  -U USER         User
  -P PASSWORD     Password
  --nt=NTHASH     NT hash
  --lm=LMHASH     LM hash
  -c CREDSFILE    File with list of credentials
  -D DOMAIN       Domain
  -d DOMAINSFILE  File with list of domains
  -p PORT         SMB port: 139 or 445 (default: 445)
  -n NAME         Local hostname
  -T THREADS      Maximum simultaneous connections (default: 10)
  -b              Batch mode: do not ask to get an interactive SMB shell
  -x EXECUTELIST  Execute a list of commands against all hosts

keimpx usage example

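Import a list of IP addresses (-l /root/smbopen.txt) and attempt to log in as the user victim (-U victim) with the password s3cr3t (-P s3cr3t), using verbosity level 1 (-v 1) and running in batch mode (-b):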

:~# keimpx -l /root/smbopen.txt -U victim -P s3cr3t -v 1 -b

    keimpx 0.3-dev
    by Bernardo Damele A. G. <>
   
[09:26:59] [INFO] Loading targets
[09:26:59] [INFO] Loading credentials
[09:26:59] [INFO] Loading domains
[09:26:59] [INFO] Loaded 4 unique targets
[09:26:59] [INFO] Loaded 1 unique credentials
[09:26:59] [INFO] No domains specified, using NULL domain
[09:26:59] [INFO] Attacking host 192.168.1.104:445
[09:26:59] [INFO] Attacking host 192.168.1.200:445
[09:26:59] [INFO] Attacking host 192.168.1.220:445
[09:26:59] [INFO] Attacking host 192.168.1.232:445
[09:26:59] [INFO] Wrong credentials on 192.168.1.104:445: victim/s3cr3t (ERRnoaccess(Access denied.))
[09:26:59] [INFO] Attack on host 192.168.1.104:445 finished
[09:26:59] [INFO] Valid credentials on 192.168.1.200:445: victim/s3cr3t
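
The run above tries one account against four hosts within the same second, which is the pattern a defender can look for in logon events. The following detection sketch is an added example, not part of keimpx or the original page; the simplified event tuples, the source address 192.168.1.50, the account "alice" and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, simplified to (time, event_id, source, account, target).
# 4625 = failed logon, 4624 = successful logon (Windows Security log).
# The source 192.168.1.50 and the account "alice" are assumptions.
EVENTS = [
    ("09:26:59", 4625, "192.168.1.50", "victim", "192.168.1.104"),
    ("09:26:59", 4624, "192.168.1.50", "victim", "192.168.1.200"),
    ("09:26:59", 4625, "192.168.1.50", "victim", "192.168.1.220"),
    ("09:26:59", 4625, "192.168.1.50", "victim", "192.168.1.232"),
    ("09:31:10", 4624, "192.168.1.77", "alice", "192.168.1.200"),
    ("10:02:41", 4624, "192.168.1.77", "alice", "192.168.1.220"),
]

def distinct_targets(attempts):
    return {target for _, _, target in attempts}

def find_sweeps(events, min_hosts=3, window=timedelta(seconds=30)):
    """Return one alert per (source, account) that reached at least
    min_hosts distinct targets inside a sliding time window."""
    by_pair = defaultdict(list)
    for ts, event_id, source, account, target in events:
        when = datetime.strptime(ts, "%H:%M:%S")
        by_pair[(source, account)].append((when, event_id, target))
    alerts = []
    for (source, account), attempts in by_pair.items():
        attempts.sort(key=lambda a: a[0])
        best, start = [], 0
        for end in range(len(attempts)):
            # Shrink the window from the left until it spans <= window.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            current = attempts[start:end + 1]
            if len(distinct_targets(current)) > len(distinct_targets(best)):
                best = current
        if len(distinct_targets(best)) >= min_hosts:
            alerts.append({
                "source": source,
                "account": account,
                "targets": sorted(distinct_targets(best)),
                # Hosts that accepted the credential need a password reset first.
                "accepted_on": sorted({t for _, eid, t in best if eid == 4624}),
            })
    return alerts

if __name__ == "__main__":
    for alert in find_sweeps(EVENTS):
        print(alert)
```

The `accepted_on` field separates hosts where the swept credential actually worked from hosts that only saw failures, which sets the order of response.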