SmbRelay3 – SMB/HTTP to SMB replay attacks

Source: Internet | Editor: 程序博客网 | Time: 2024/04/29 09:07


Server Message Block normally provides shared access to files, printers, serial ports, and miscellaneous communications between nodes on a Windows network. So, you know how important it is! At the same time, it is VERY insecure. If you are able to force remote users to connect to your system via HTTP or SMB, then, in theory, the network belongs to you. SmbRelay3 will let you do all of that!

In fact, SMBRelay3 is one of the first public tools that helps you perform the following attacks:
* HTTP to SMB: Negotiate authentication with an HTTP client and relay credentials to another SMB host.
* SMB to SMB: Negotiate authentication with an SMB computer and relay credentials to another Windows computer.
* IMAP to SMB: Negotiate authentication with an email IMAP client and relay credentials to another host.
* POP3 to SMB: Negotiate authentication with an email POP3 client and relay credentials to another host.
* SMTP to SMB: Negotiate authentication with an email SMTP client and relay credentials to another SMB computer.
* Psexec Module: If you already know the username and password you can get a shell on the remote computer. This psexec-like tool works under win32 and linux, as it does not use the Microsoft API.
* Fake interface: Under linux, a new port 445 binding is done under a different IP address. All packets sent to that interface will be replayed to the previously authenticated system.

SMBRelay3 uses the SMB, HTTP, POP3 and IMAP protocols to exploit weak NTLM challenges with replay attacks. Now, a good thing about this application is that it also includes a small SMB library for creating crafted messages. It is able to relay both HTTP and SMB authentication. If the incoming connection has 'Administrative privileges' on the client computer, you automatically get a shell! Since it is an open source application, you have all its source at your disposal! It basically makes use of these SMB queries:

SMBCLOSE, SERVICEOPERATION, READANDX, WRITEANDX, FINDFIRST2, SESSIONSETUPANDX, TREECONNECTANDX, NTCREATEANDX

Now, the only bad thing about this application is that MS08-068 has effectively restricted its exploitation to the local system only. But as long as the system is not patched, you sure can use it. Or, better still, you can still replay credentials to other domain servers or use different protocols.
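The relay described above leaves a fingerprint a defender can look for: the real target's 8-byte NTLM server challenge is forwarded unchanged to the victim, so the same challenge value shows up on two different connections, and the relayed session is only usable when SMB signing was not negotiated. The following added example (not SmbRelay3 code) parses NTLM CHALLENGE_MESSAGE (Type 2) blobs to pull out the challenge and negotiate flags, reports whether signing was offered, and flags any challenge observed on more than one session; the sample messages and IP addresses are constructed.

```python
import struct
from collections import defaultdict

# NTLMSSP NegotiateFlags bits relevant to relay resistance (MS-NLMP).
NEGOTIATE_SIGN = 0x00000010         # session signing offered
NEGOTIATE_ALWAYS_SIGN = 0x00008000  # signing required by the server

def parse_type2(blob):
    """Return (negotiate_flags, server_challenge) from a CHALLENGE_MESSAGE."""
    if len(blob) < 32 or blob[:8] != b"NTLMSSP\x00":
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", blob, 8)
    if msg_type != 2:
        raise ValueError("expected CHALLENGE_MESSAGE (type 2), got %d" % msg_type)
    # 8-byte signature, 4-byte type, 8-byte TargetNameFields, then flags.
    (flags,) = struct.unpack_from("<I", blob, 20)
    return flags, blob[24:32]

def signing_negotiated(flags):
    """True if the target offered or demanded session signing; a relayed
    session without signing is fully usable by the relaying host."""
    return bool(flags & (NEGOTIATE_SIGN | NEGOTIATE_ALWAYS_SIGN))

def find_relayed_challenges(sessions):
    """sessions: list of (client_ip, server_ip, type2_blob), one per TCP
    session. In a relay the attacker forwards the real target's challenge
    to the victim, so one challenge value appears on two connections."""
    seen = defaultdict(set)
    for client, server, blob in sessions:
        _, challenge = parse_type2(blob)
        seen[challenge].add((client, server))
    return {c: sorted(conns) for c, conns in seen.items() if len(conns) > 1}

def build_type2(flags, challenge):
    """Constructed minimal CHALLENGE_MESSAGE for testing: empty TargetName
    and TargetInfo (payload offset 48), no Version field."""
    fields = struct.pack("<HHI", 0, 0, 48)
    return (b"NTLMSSP\x00" + struct.pack("<I", 2) + fields
            + struct.pack("<I", flags) + challenge + b"\x00" * 8 + fields)

if __name__ == "__main__":
    # Constructed capture: victim 10.0.0.5 talks to relay box 10.0.0.9, which
    # talks to the real file server 10.0.0.20 and forwards its challenge.
    forwarded = build_type2(0x00000201, b"\x11\x22\x33\x44\x55\x66\x77\x88")
    capture = [("10.0.0.5", "10.0.0.9", forwarded),
               ("10.0.0.9", "10.0.0.20", forwarded),
               ("10.0.0.7", "10.0.0.20", build_type2(0x00000211, b"\x01" * 8))]
    for challenge, conns in find_relayed_challenges(capture).items():
        print("challenge %s seen on %s" % (challenge.hex(), conns))
```

Requiring SMB signing on the target (the ALWAYS_SIGN bit in a real capture) is the mitigation the check points at; a challenge reused across sessions is the alert.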

So, if you want it, download it here.
