module
SMB to HTTP relay version of Get NAA Creds
| Disclosed | Created |
|---|---|
| N/A | May 6, 2025 |
Disclosed
N/A
Created
May 6, 2025
Description
This module creates an SMB server and then relays the credentials passed to it to SCCM's HTTP server
(aka Management Point) to gain an authenticated connection. Once authenticated it then attempts to retrieve
the Network Access Account(s), if configured, from the SCCM server. This requires a computer account,
which can be added using the samr_account module.
If you have domain credentials but are unsure of the either the MANAGEMENT_POINT or SITE_CODE for the
SCCM server, the original (non-relay) version of this module has an auto discovery feature which will use
domain credentials to run an LDAP query to find both the MANAGEMENT_POINT and the SITE_CODE.
(aka Management Point) to gain an authenticated connection. Once authenticated it then attempts to retrieve
the Network Access Account(s), if configured, from the SCCM server. This requires a computer account,
which can be added using the samr_account module.
If you have domain credentials but are unsure of the either the MANAGEMENT_POINT or SITE_CODE for the
SCCM server, the original (non-relay) version of this module has an auto discovery feature which will use
domain credentials to run an LDAP query to find both the MANAGEMENT_POINT and the SITE_CODE.
Authors
xpn
skelsec
smashery
jheysel-r7
skelsec
smashery
jheysel-r7
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.