I’ve been doing this for way too long and I’m getting old. I’m comfortable with the specific tools I’ve used for 15 years, and I like using Medusa, created by jmk-foofus. But what if your client has their shit together and has finally removed SMBv1? Originally I went and found a Windows XP system to run my password guessing attack against, but that system isn’t in scope anymore. I have also used other tools written in PowerShell that can do a password spray, but I like how quick Medusa is. It is also one of the few tools that can tell me when a password is valid but the account will need to change it. So the commands below will get Medusa compiled with SMBv2 support on Kali Linux.
Step 1 – Install all dependencies
sudo apt install autoconf automake docbook-xsl doxygen findutils libkrb5-dev libtool libxml2 libxslt1.1 libunistring-dev m4 libssl-dev pkg-config libwbclient-dev gettext
Step 2 – Download the Source Code for Medusa and additional dependencies.
cd ~/
mkdir source
cd ~/source
git clone https://github.com/simo5/gssntlmssp.git
git clone https://github.com/sahlberg/libsmb2.git
git clone --branch add-libsmb2-support https://github.com/jmk-foofus/medusa.git
Step 3 – Compile and Install Downloaded Software (in this order: Medusa’s configure looks for an already installed libsmb2)
cd ~/source/gssntlmssp
autoreconf -f -i
./configure
make
sudo make install
cd ~/source/libsmb2
autoreconf -f -i
./configure
make
sudo make install
cd ~/source/medusa
autoreconf -f -i
./configure
make
sudo make install
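Here is the whole procedure above as one script, with the checks I want after a build: it clones only what is missing, builds the three pieces in the order Medusa needs, refreshes the loader cache so the smbnt module can find libsmb2.so, and then confirms the installed module is really linked against libsmb2 before you point it at a domain. This is an added example, not code from the original post or from the Medusa project. It assumes the default /usr/local install prefix, that the module lands at /usr/local/lib/medusa/modules/smbnt.mod, and that the smbnt module’s GROUP:DOMAIN option behaves the same with the libsmb2 backend as it did with the old one; the spray_cmd helper and the file names in it are made up for the example.

```shell
#!/bin/sh
# Added example, not from the original post or the Medusa project.
# Builds gssntlmssp, libsmb2 and the libsmb2 branch of Medusa in order,
# then checks that the installed smbnt module really links against libsmb2.
set -eu

SRC="${SRC:-$HOME/source}"

# autoreconf / configure / make / make install for one source tree
build_install() {
    (
        cd "$1"
        autoreconf -f -i
        ./configure
        make -j"$(nproc)"
        sudo make install
    )
}

build_all() {
    mkdir -p "$SRC"
    [ -d "$SRC/gssntlmssp" ] || git clone https://github.com/simo5/gssntlmssp.git "$SRC/gssntlmssp"
    [ -d "$SRC/libsmb2" ]    || git clone https://github.com/sahlberg/libsmb2.git "$SRC/libsmb2"
    [ -d "$SRC/medusa" ]     || git clone --branch add-libsmb2-support https://github.com/jmk-foofus/medusa.git "$SRC/medusa"
    # Order matters: Medusa's configure looks for an already installed libsmb2.
    build_install "$SRC/gssntlmssp"
    build_install "$SRC/libsmb2"
    build_install "$SRC/medusa"
    # libsmb2.so lands in /usr/local/lib; refresh the loader cache or the
    # smbnt module will fail to load at runtime.
    sudo ldconfig
}

# Post-build check. The module path is the default for a /usr/local prefix (assumption).
verify_smb2() {
    mod="${1:-/usr/local/lib/medusa/modules/smbnt.mod}"
    [ -f "$mod" ] || { echo "missing $mod" >&2; return 1; }
    # smbnt.mod is dlopen'd by medusa, so check the module itself, not the medusa binary
    ldd "$mod" | grep -q 'libsmb2' || { echo "$mod is not linked against libsmb2" >&2; return 1; }
    medusa -d | grep -q 'smbnt' || { echo "medusa -d does not list smbnt" >&2; return 1; }
    echo "smbnt module OK: $mod"
}

# Single-quote one argument so it can be pasted into a command line safely.
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Print a one-password spray command (hypothetical helper): one password across
# the whole user list, one login at a time per host (-t 1), stop on the first
# hit per host (-f), results logged to a file (-O). GROUP:DOMAIN is the classic
# smbnt option for authenticating against the host's domain (assumed unchanged).
spray_cmd() {
    hosts="$1"; users="$2"; password="$3"; out="${4:-spray.log}"
    [ -n "$password" ] || { echo "spray_cmd: refusing an empty password (use medusa -e n for blank-password checks)" >&2; return 1; }
    printf 'medusa -H %s -U %s -p %s -M smbnt -m GROUP:DOMAIN -t 1 -f -O %s\n' \
        "$(shquote "$hosts")" "$(shquote "$users")" "$(shquote "$password")" "$(shquote "$out")"
}

# Usage: sh build-medusa-smb2.sh build
if [ "${1:-}" = "build" ]; then
    build_all
    verify_smb2
fi
```

Run it with the build argument once and it will stop at the first step that fails instead of leaving you with a medusa binary whose smbnt module silently lacks SMBv2. spray_cmd deliberately takes a single password: a spray is one password against many users per run, and -t 1 serializes the attempts per host so the rate you generate against the lockout policy is predictable.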
References
https://github.com/jmk-foofus/medusa
Ronnie Sahlberg – Authored libsmb2
https://github.com/sahlberg/libsmb2
https://github.com/simo5/gssntlmssp