Network Services
SMB: Server Message Block
Understanding SMB
SMB - Server Message Block Protocol - is a client-server communication protocol used for sharing access to files, printers, serial ports and other resources on a network. Servers make file systems and other resources (printers, named pipes, APIs) available to clients on the network.
The SMB protocol is known as a response-request protocol, meaning that it transmits multiple messages between the client and server to establish a connection. Clients connect to servers using TCP/IP, NetBEUI or IPX/SPX.
What runs SMB?
Microsoft Windows operating systems since Windows 95 have included client and server SMB protocol support. Samba, an open source server that supports the SMB protocol, was released for Unix systems.
Enumerating SMB
Lets check how many ports are open
We have 2 open ports
Lets run a detailed scan
SMB is running on ports 139 and 445
Lets use enum4linux to enumerate SMB
The name of the Workgroup is WORKGROUP
POLOSMB is the name of the machine and the OS version is 6.1
This share is interesting
Exploiting SMB
Lets use smbclient to connect to the share.
We are logged in.
Lets transfer the Information.txt file onto our machine and read it.
We can assume that this folder belongs to "John Cactus".
Reading the file, we can see that ssh has been enabled for employees to work from home, so we can also check out the .ssh folder on the smb share as it has ssh file that we can use to login to the machine using ssh.
Lets change directories into the .ssh folder and list the files.
To most useful file to us is the id_rsa file as we can use that to login through ssh.
Lets do this.
The username is cactus, lets login and read the file
Telnet
Understanding Telnet
Enumeration Telnet
Lets start enumerating by running a nmap scan to see what port are open on the machine
Exploiting Telnet
Lets login through telnet
Lets create the payload and start a listener
Lets run the exploit
We should get a reverse shell
Lets read the flag
FTP: File Transfer Protocol
Understanding FTP
Enumerating FTP
Lets start scanning
Lets login through FTP
Lets get this file on our machine and read it
We can see that Mike is a possible username
Exploiting FTP
Lets crack the password using hydra
Now lets login and get the ftp.txt file on our machine and read it
Last updated