How to find pipe names over SMB in Metasploit

Find pipe names – Hello guys, in this article I’m going to teach you how to find Windows pipe names over SMB with the pipe_auditor module in Metasploit.

What are pipes?

Named pipe spoofing is a technique used by the Metasploit framework to escalate privileges. Named pipe technology is built into the Windows operating system to facilitate communication between processes. A pipe uses a file to exchange messages between two processes.

How to find pipe names over SMB?

We find pipe names with the pipe_auditor module. The pipe_auditor scanner determines which named pipes are available over SMB. During the scan phase, this can give you an idea of some of the services running on the remote system.

Step 1: Choose pipe_auditor module

1. First, we need to open the Metasploit framework tool, so enter the following command in your terminal.

    msfconsole -q

2. Now type the command below to select the pipe_auditor module.

    use auxiliary/scanner/smb/pipe_auditor

Step 2: Find pipe names over SMB

1. Then enter the command “show options”. It displays the parameters the module requires.

    show options

2. Now start the scanner. Pass at least the RHOSTS value to the module and run it.

    msf6 auxiliary(pipe_auditor) > set RHOSTS 192.168.1.150-160
    RHOSTS => 192.168.1.150-160
    msf6 auxiliary(pipe_auditor) > set THREADS 11
    THREADS => 11
    msf6 auxiliary(pipe_auditor) > run
    [*] 192.168.1.150 - Pipes: browser
    [*] 192.168.1.160 - Pipes: browser
    [*] Scanned 02 of 11 hosts (018% complete)
    [*] Scanned 10 of 11 hosts (090% complete)
    [*] Scanned 11 of 11 hosts (100% complete)
    [*] Auxiliary module execution completed
    msf6 auxiliary(scanner/smb/pipe_auditor) >

We can see that launching the scanner without credentials does not return a lot of information. However, if you were provided with credentials as part of a penetration test, you will find that the pipe_auditor scanner returns more information.

    msf6 auxiliary(pipe_auditor) > set RHOSTS 192.168.1.150-160
    RHOSTS => 192.168.1.150-160
    msf6 auxiliary(pipe_auditor) > set THREADS 11
    THREADS => 11
    msf6 auxiliary(pipe_auditor) > run
    [*] 192.168.1.150 - Pipes: browser
    [*] 192.168.1.160 - Pipes: browser
    [*] Scanned 02 of 11 hosts (018% complete)
    [*] Scanned 10 of 11 hosts (090% complete)
    [*] Scanned 11 of 11 hosts (100% complete)
    [*] Auxiliary module execution completed
    msf6 auxiliary(pipe_auditor) > set SMBPass Errorsfind
    SMBPass => Errorsfind
    msf6 auxiliary(pipe_auditor) > set SMBUser admin
    SMBUser => admin
    msf6 auxiliary(pipe_auditor) > run
    [*] 192.168.1.150 - Pipes: netlogon, lsarpc, samr, browser, atsvc, DAV RPC SERVICE, epmapper, eventlog, InitShutdown, keysvc, lsass, ntsvcs, protected_storage, scerpc, srvsvc, trkwks, wkssvc
    [*] Scanned 02 of 11 hosts (018% complete)
    [*] 192.168.1.160 - Pipes: netlogon, lsarpc, samr, browser, atsvc, DAV RPC SERVICE, epmapper, eventlog, InitShutdown, keysvc, lsass, ntsvcs, protected_storage, router, scerpc, srvsvc, trkwks, wkssvc
    [*] Scanned 04 of 11 hosts (036% complete)
    [*] Scanned 08 of 11 hosts (072% complete)
    [*] Scanned 09 of 11 hosts (081% complete)
    [*] Scanned 11 of 11 hosts (100% complete)
    [*] Auxiliary module execution completed
    msf6 auxiliary(pipe_auditor) >
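The two runs above differ only in the credentials supplied, so comparing them shows which pipes answer without a login and which services the pipe names point to. The Python script below is an added example, not part of the original article and not Metasploit code; the function names, the partial pipe-to-service map, and the tolerance for a `[+]` prefix or leading backslashes are assumptions made for illustration.

```python
import re

# Result lines copied from the two scanner runs shown above.
ANON_RUN = """\
[*] 192.168.1.150 - Pipes: browser
[*] 192.168.1.160 - Pipes: browser
[*] Scanned 11 of 11 hosts (100% complete)
"""
AUTH_RUN = """\
[*] 192.168.1.150 - Pipes: netlogon, lsarpc, samr, browser, atsvc, DAV RPC SERVICE, epmapper, eventlog, InitShutdown, keysvc, lsass, ntsvcs, protected_storage, scerpc, srvsvc, trkwks, wkssvc
[*] 192.168.1.160 - Pipes: netlogon, lsarpc, samr, browser, atsvc, DAV RPC SERVICE, epmapper, eventlog, InitShutdown, keysvc, lsass, ntsvcs, protected_storage, router, scerpc, srvsvc, trkwks, wkssvc
"""

# Partial map of well-known pipe names to Windows services (assumption, not exhaustive).
SERVICES = {
    "samr": "Security Account Manager", "lsarpc": "Local Security Authority",
    "netlogon": "Netlogon", "srvsvc": "Server service", "wkssvc": "Workstation service",
    "atsvc": "Task Scheduler (AT)", "eventlog": "Event Log",
    "epmapper": "RPC endpoint mapper", "browser": "Computer Browser",
}
# Matches "[*] host - Pipes: a, b"; progress lines such as "Scanned 11 of 11" do not match.
PIPE_LINE = re.compile(r"^\[[*+]\]\s+(\S+)\s+-\s+Pipes:\s*(.*)$")

def parse_pipes(output):
    """Return {host: set(pipe names)} from pipe_auditor console output."""
    hosts = {}
    for line in output.splitlines():
        m = PIPE_LINE.match(line.strip())
        if m:  # split on commas only: names such as "DAV RPC SERVICE" contain spaces
            names = {p.strip().lstrip("\\") for p in m.group(2).split(",") if p.strip()}
            hosts.setdefault(m.group(1), set()).update(names)
    return hosts

def compare_runs(anon, auth):
    """Per host: pipes listed without credentials, pipes listed only with them, services."""
    report = {}
    for host in sorted(set(anon) | set(auth)):
        open_pipes = anon.get(host, set())
        all_pipes = open_pipes | auth.get(host, set())
        report[host] = {
            "anonymous": sorted(open_pipes),
            "credentialed_only": sorted(all_pipes - open_pipes),
            "services": sorted({SERVICES[p.lower()] for p in all_pipes if p.lower() in SERVICES}),
        }
    return report

if __name__ == "__main__":
    for host, row in compare_runs(parse_pipes(ANON_RUN), parse_pipes(AUTH_RUN)).items():
        print(host, row)
```

Pipes in the "anonymous" column are the ones to review first when hardening a host, since they were listed without any credentials.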
