Secondary Categories: 02 - Lateral Movement
Links: NTLM Relay

SMB Signing

We can generate a list of machines that do not have SMB signing enabled by using nmap or crackmapexec:

#CME
crackmapexec smb $subnet --gen-relay-list smb-check
crackmapexec smb targets.txt --gen-relay-list smb-check
#nmap
nmap --script=smb-security-mode -p445 -iL targets.txt -oA smb-check
nmap --script=smb-security-mode -p445 $ip -oA smb-check
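
To track remediation, the XML that `-oA smb-check` writes (`smb-check.xml`) can be parsed into a list of hosts where signing is still not enforced, meaning any state other than `required`. This is an added example, not part of the original notes: the sample XML is constructed, the function names are illustrative, and it assumes the script's `message_signing: <state>` output line.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like nmap XML output (smb-check.xml); not a real scan.
SAMPLE_XML = """<nmaprun>
<host><address addr="192.0.2.10" addrtype="ipv4"/><hostscript>
 <script id="smb-security-mode" output="&#xa;  message_signing: disabled (dangerous, but default)"/>
</hostscript></host>
<host><address addr="192.0.2.11" addrtype="ipv4"/><hostscript>
 <script id="smb-security-mode" output="&#xa;  message_signing: required"/>
</hostscript></host>
<host><address addr="192.0.2.12" addrtype="ipv4"/><hostscript>
 <script id="smb-security-mode" output="&#xa;  message_signing: supported"/>
</hostscript></host>
<host><address addr="192.0.2.13" addrtype="ipv4"/></host>
</nmaprun>"""

SIGNING_RE = re.compile(r"message_signing:\s*(\w+)")

def signing_by_host(xml_text):
    """Map each scanned IP to its message_signing state, or None if no script result."""
    states = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        state = None
        for script in host.iter("script"):
            if script.get("id") == "smb-security-mode":
                match = SIGNING_RE.search(script.get("output", ""))
                state = match.group(1) if match else None
        states[addr.get("addr")] = state
    return states

def triage(states):
    """Split hosts into (signing not enforced, no result). Only 'required' counts as fixed."""
    not_enforced = sorted(ip for ip, s in states.items() if s not in (None, "required"))
    no_result = sorted(ip for ip, s in states.items() if s is None)
    return not_enforced, no_result

if __name__ == "__main__":
    not_enforced, no_result = triage(signing_by_host(SAMPLE_XML))
    print("Enforce SMB signing on:", ", ".join(not_enforced))
    print("No script result, rescan:", ", ".join(no_result))
```

Hosts with no script result are reported separately rather than treated as compliant, since a filtered port or a failed script says nothing about the signing policy.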