Description: This module will relay SMB authentication requests to another host, gaining access to an authenticated SMB session if successful. If the connecting user is an administrator and network logins are allowed to the target machine, this module will execute an arbitrary payload. To exploit this, the target system must try to authenticate to this module. The easiest way to force a SMB authentication attempt is by embedding a UNC path (\\SERVER\SHARE) into a web page or email message. When the victim views the web page or email, their system will automatically connect to the server specified in the UNC share (the IP address of the system running this module) and attempt to authenticate. Unfortunately, this module is not able to clean up after itself. The service and payload file listed in the output will need to be manually removed after access has been gained. The service created by this tool uses a randomly chosen name and description, so the services list can become cluttered after repeated exploitation. The SMB authentication relay attack was first reported by Sir Dystic on March 31st, 2001 at @lanta.con in Atlanta, Georgia. On November 11th 2008 Microsoft released bulletin MS08-068. This bulletin includes a patch which prevents the relaying of challenge keys back to the host which issued them, preventing this exploit from working in the default configuration. It is still possible to set the SMBHOST parameter to a third-party host that the victim is authorized to access, but the "reflection" attack has been effectively broken.
source : http://www.metasploit.com/modules/exploit/windows/smb/smb_relay
This video gives simple demo of metasploit module "exploit/windows/smb/smb_relay". Using search command in metasploit we search for smb and then select above exploit . Set different options and use it.
Tags: Windows , SMB , BackTrack ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.
exploit/windows/smb/ms03_049_netapi is most powerful in this category. check out this for more information.
http://www.metasploit.com/modules/exploit/windows/smb/ms06_040_netapi
Create a Backdoor or something is not a big job, Actually The main challenge is how you can bypass that backdoor through antivirus.