Find pipes name – Helow guy’s in this article I’m going to teach you how to find windows pipes name over SMB with PIPE_AUDITOR module inย Metasploit.
What is PIPES?
Named pipe spoofing is a technique used by theย Metasploitย framework to escalate these privileges. The officially named pipe technology is built into the Windows operatingย systemย to facilitate communication between processes. Pipe uses a file to exchange messages between two processes.
How to find pipes name over SMB?
We find pipes’ names with a pipe_auditor module. The pipe_auditor scanner will determine which named pipes are available inย SMB. During the scan phase, this can give you an idea of some of the services running on theย remote system.
Step 1: Choose pipe_auditor module
1. First, we need to open the Metasploit framework tool, so enter the following command in your terminal.
msfconsole -q
2. Now type the below command to select the pipe_auditorย module
use auxiliary/scanner/smb/pipe_auditor
Step 2: Find pipes name over SMB
1. Then enter the command “show options“, it will help you display the required parameter
show options
2. Now start the scanner, just pass at least the RHOSTS value to the module and start it
msf6 auxiliary(pipe_auditor) > set RHOSTS 192.168.1.140-160
RHOSTS => 192.168.1.150-160
msf6 auxiliary(pipe_auditor) > set THREADS 11
THREADS => 11
msf6 auxiliary(pipe_auditor) > run
[*] 192.168.1.150 - Pipes: \browser
[*] 192.168.1.160 - Pipes: \browser
[*] Scanned 02 of 11 hosts (018% complete)
[*] Scanned 10 of 11 hosts (090% complete)
[*] Scanned 11 of 11 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/smb/pipe_auditor) >
We can see that launching the scanner without credentials does not return a lot of information. However, if you were provided with credentials as part of a penetration test, you will find that the pipe_auditorย scannerย returns more information.
msf6 auxiliary(pipe_auditor) > set RHOSTS 192.168.1.140-160
RHOSTS => 192.168.1.150-160
msf6 auxiliary(pipe_auditor) > set THREADS 11
THREADS => 11
msf6 auxiliary(pipe_auditor) > run
[*] 192.168.1.150 - Pipes: \browser
[*] 192.168.1.160 - Pipes: \browser
[*] Scanned 02 of 11 hosts (018% complete)
[*] Scanned 10 of 11 hosts (090% complete)
[*] Scanned 11 of 11 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(pipe_auditor) > set SMBPass Errorsfind
SMBPass => Errorsfind
msf6 auxiliary(pipe_auditor) > set SMBUser admin
SMBUser => admin
msf6 auxiliary(pipe_auditor) > run
[*] 192.168.1.150 - Pipes: \netlogon, \lsarpc, \samr, \browser, \atsvc, \DAV RPC SERVICE, \epmapper, \eventlog, \InitShutdown, \keysvc, \lsass, \ntsvcs, \protected_storage, \scerpc, \srvsvc, \trkwks, \wkssvc
[*] Scanned 02 of 11 hosts (018% complete)
[*] 192.168.1.160 - Pipes: \netlogon, \lsarpc, \samr, \browser, \atsvc, \DAV RPC SERVICE, \epmapper, \eventlog, \InitShutdown, \keysvc, \lsass, \ntsvcs, \protected_storage, \router, \scerpc, \srvsvc, \trkwks, \wkssvc
[*] Scanned 04 of 11 hosts (036% complete)
[*] Scanned 08 of 11 hosts (072% complete)
[*] Scanned 09 of 11 hosts (081% complete)
[*] Scanned 11 of 11 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(pipe_auditor) >