This exploit train is relatively simple, but we can automate a portion of this with the Metasploit Remote Procedure Call (MSFRPC). This script will use the
nmap library to scan for active ports of
445, then generate a list of targets to test using a username and password passed via argument to the script. The script will use the same
smb_enumusers_domain module to identify boxes that have the credentials reused and other viable users logged into them. First, we need to install
SpiderLabs msfrpc library for Python. This library can be found at https://github.com/SpiderLabs/msfrpc.git.
A github repository for the book can be found at https://github.com/funkandwagnalls/pythonpentest and within it is a setup ...