Blog Posts Tagged with "SMBRelay"

D8853ae281be8cfdfa18ab73608e8c3f

MS08_068 + MS10_046 = FUN UNTIL 2018

March 06, 2012 Added by:Rob Fuller

If you are on an internal penetration test and either exploit a machine or find an open share, you can create an LNK file with an icon that points at a nonexistent share on your attacking machine's IP...

Comments  (0)

7d55c20d433dd60022642d3ab77b8efb

SMBRelay Attacks on Corporate Users Part 2

April 27, 2011 Added by:Alexander Polyakov

MS Office programs will show an alert to our victim if it couldn't download content from a remote resource. We could put a document on our shared resource and when MS Office opens the doc, it takes a style sheet from our shared resource and doesn't show an alert to the victim...

Comments  (0)

7d55c20d433dd60022642d3ab77b8efb

SMBRelay Attacks on Corporate Users

April 07, 2011 Added by:Alexander Polyakov

An attack on a network is a progressive action. We escalate our rights step-by-step to a domain administrator. Even casual un-privileged users can give us access to some shared resources. But how do we get these user rights? We can enforce users to authenticate on controlled a machine...

Comments  (0)

7d55c20d433dd60022642d3ab77b8efb

SMB Relay and Network Scanner Attacks

March 16, 2011 Added by:Alexander Polyakov

In big corporate networks there can be some servers with software that does an automated scan of the subnet for some purpose. This scan uses an SMB protocol and, of course, NTLM authentication. If an attacker's host is in the same subnet, he can complete the relay. Attackers just need to be patient...

Comments  (0)