Penetration Test
Network-Based Exploits
NAME RESOLUTION EXPLOITS
- NetBIOS Name Service (NBNS)
  - Part of NetBIOS-over-TCP
  - Similar functionality to DNS
- LLMNR (Link-Local Multicast Name Resolution)
  - Protocol based on DNS packet format
  - Allows IPv4 and IPv6 name resolution on the same local link
- DNS and ARP poisoning
- SMB (Server Message Block) exploits
  - Protocol used in Windows to provide file and printer access, and remote service access
  - TCP ports 139 and 445
  - Some ransomware (EternalBlue, WannaCry) use SMB to propagate
- SNMP (Simple Network Management Protocol) exploits
  - Query and manage IP devices
  - Multiple versions - SNMPv1 is not secure
EVEN MORE NETWORK EXPLOITS
- SMTP (Simple Mail Transfer Protocol) exploits
  - Standard protocol for transmitting email
  - Open relay, local relay, phishing, spam, etc.
- FTP (File Transfer Protocol) exploits
  - Overall insecure protocol for transferring files
  - No encryption for transfers and credentials
  - Easy for attackers to use for data exfiltration if FTP is available
QUICK REVIEW
- Successful redirection attacks can drive victim traffic to your chosen destination
- SMB is a popular target for propagating malware
- SNMP that is not secure can make many IP devices vulnerable
- FTP is often used to place malware and exploit tools