Creating Batch Files for SMB Brute Force

Sep 10, 2024

Lecture Notes: Creating a Batch File for SMB Brute Force

Disclaimer

  • Purpose: The lecture is for educational purposes only.
  • Ethics: Do not use the information without permission.

Introduction

  • Background: The speaker shares their experience with batch files and related tools.
  • Focus: Creating a batch file to perform SMB (Server Message Block) brute force attacks and how to defend against such attacks.

Tools Needed

  • Software: Notepad (Notepad++ recommended for syntax highlighting).

Key Concepts

Batch Files

  • Definition: Simple scripts that automate tasks in Windows.
  • Common Uses: Creating menus, prank viruses, etc.

SMB (Server Message Block) Protocol

  • Function: Allows sharing of files, printers, and other resources in a network.
  • Importance: Understanding SMB is essential for cybersecurity practices.

Steps to Create the Batch File

  1. Setup Environment

    • Use @echo off to disable command prompt visibility.
    • Obtain the following inputs:
      • IP address of the target computer.
      • Username.
      • Password list (text file).

  2. Input Variables

    • Create prompts for:
      • Entering IP address.
      • Entering username.
      • Entering password list.

  3. Loop Through Passwords

    • Use FOR loop to iterate through the password list:
      • Command syntax: FOR /F %%a IN (passlist.txt) DO ...

  4. Login Attempts

    • Use the command: net use \IP_ADDRESS /user:USERNAME PASSWORD
    • Implement a function to check login success:
      • Check the ERRORLEVEL to determine if login was successful (0 = success, non-zero = error).

  5. Success and Failure Messages

    • If login is successful, echo "Password Found" and exit.
    • If not successful, continue looping through the password list.
    • At the end, display "Password Not Found" if none of the attempts succeed.

  6. Disconnecting

    • Ensure to disconnect from the target after each successful connection to avoid errors.

Code Walkthrough

  • The speaker demonstrates the code implementation step-by-step, correcting errors and improving the output formatting throughout the process.
  • Final code is named SMB Brute Force by B man.

Practical Demonstration

  • Testing: The code is tested on the speaker's and brother's laptops with their permission.
  • Results: Demonstrates the speed of brute force attempts.

Defending Against Brute Force Attacks

  • Recommendations:
    • Disable SMB if not needed.
    • Avoid open network shares.
    • Use complex passwords.
    • Set limits on login attempts to prevent brute forcing.

Conclusion

  • Code Availability: Final code will be shared on GitHub.
  • Call to Action: Encourage viewers to provide feedback and subscribe for more content on coding and cybersecurity tools.

Full transcript