SMB to HTTP relay version of Get NAA Creds
Description
This module creates an SMB server and then relays the credentials passed to it to SCCM's HTTP server (aka Management Point) to gain an authenticated connection. Once authenticated it then attempts to retrieve the Network Access Account(s), if configured, from the SCCM server. This requires a computer account, which can be added using the samr_account module. If you have domain credentials but are unsure of the either the MANAGEMENT_POINT or SITE_CODE for the SCCM server, the original (non-relay) version of this module has an auto discovery feature which will use domain credentials to run an LDAP query to find both the MANAGEMENT_POINT and the SITE_CODE.
Author(s)
- xpn
- skelsec
- smashery
- jheysel-r7
Development
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
msf > use auxiliary/server/relay/relay_get_naa_credentials
msf auxiliary(relay_get_naa_credentials) > show actions
...actions...
msf auxiliary(relay_get_naa_credentials) > set ACTION < action-name >
msf auxiliary(relay_get_naa_credentials) > show options
...show and set options...
msf auxiliary(relay_get_naa_credentials) > run 
- Collect and share all the information you need to conduct a successful and efficient penetration test
- Simulate complex attacks against your systems and users
- Test your defenses to make sure they’re ready
- Automate Every Step of Your Penetration Test
Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.
– Jim O’Gorman | President, Offensive Security