If you see a service with TCP port 445 open, then it is probably running SMB. SMB is used for file sharing services. You will also see it related to other protocols in its operation:
Here is a checklist of common things to check:
- Can you enumerate the server version?
- Can you enumerate shares?
- What versions of the protocol are enabled?
- Can you connect using an anonymous bind?
- Are there any known vulnerabilities?
- Can you enumerate usernames?
- Is SMB signing enabled?
- Are there other hosts in the subnet that can be used?
Read more “Server Message Block (SMB) Enumeration, Attack and Defence”
This is an experiment to combine a near-real-time thread on Twitter and a blog… I have no idea if this will work. The premise is that we are conducting an adversary simulation against a target and want to see how this translates into a ‘plain language’ blog/story about how these things work. (I’ve also not included sales/scoping/documentation, and clearly not all of this is in real time, but it is real!)
The Fundamental Steps
OK, so first things first – the criminal part is a joke! We are here to help people. What we are going to do, however, is consider the general cyber threat landscape, look at the organisation from an ‘external threat actor’ perspective and then see what we can map out from an attack surface point of view.
Read more “Becoming a Cyber Criminal (Pro) – Basic External Attacks”