SMB protocol
Server Message Block protocol
It is the protocol with the most security issues in Microsoft's history.
Its implementation is complex
Open by default on the system
File sharing
Null-session (unauthenticated) access (an SMB 1.0 vulnerability)
Through this vulnerability, the password policy, user names, group names, machine names, and user and group SIDs can be obtained
SMB Scan
nmap -v -p 139,445 192.168.1.1/24
nmap 192.168.60.4 -p 139,445 --script=smb-os-discovery.nse
(Shows more information)
nmap -v -p139,445 --script=smb-check-vulns --script-args=unsafe=1 1.1.1.1 -PN
(With unsafe=1, nmap performs a destructive scan of the host; safe is the opposite. Adding -PN makes nmap scan the host even if a firewall is in the way)
nbtscan -r 192.168.60.0/24
enum4linux -a 192.168.60.10 (very detailed scan results; can establish a null session)
SMTP Scan
nc -nv 1.1.1.1 25
VRFY root
Scan for user accounts
nmap smtp.163.com -p25 --script=smtp-enum-users.nse --script-args=smtp-enum-users.methods={VRFY}
nmap smtp.163.com -p25 --script=smtp-open-relay.nse
smtp-user-enum -M VRFY -U users.txt -t 1.1.1.1
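What the VRFY account scan above looks like from the mail server's side, as an added example that is not part of the original post: a small detector that flags clients probing many distinct names with mostly rejected VRFY/EXPN commands. The log format, addresses, function name and thresholds are assumptions made up for this example, not any real MTA's format.

```python
import re
from collections import defaultdict

# Constructed sample log in a hypothetical format:
# timestamp, client IP, SMTP command, server reply code.
SAMPLE_LOG = """\
2016-04-21T10:00:01 192.168.60.7 cmd="VRFY root" reply=250
2016-04-21T10:00:01 192.168.60.7 cmd="VRFY admin" reply=550
2016-04-21T10:00:02 192.168.60.7 cmd="VRFY test" reply=550
2016-04-21T10:00:02 192.168.60.7 cmd="VRFY oracle" reply=550
2016-04-21T10:00:03 192.168.60.7 cmd="VRFY backup" reply=550
2016-04-21T10:00:03 192.168.60.7 cmd="VRFY guest" reply=550
2016-04-21T10:05:10 192.168.60.20 cmd="EHLO mail.example" reply=250
2016-04-21T10:05:11 192.168.60.20 cmd="MAIL FROM:<a@example.com>" reply=250
2016-04-21T10:05:12 192.168.60.20 cmd="VRFY postmaster" reply=250
2016-04-21T10:05:13 192.168.60.20 cmd="QUIT" reply=221
"""

LINE_RE = re.compile(r'^\S+ (\S+) cmd="(\w+)(?: ([^"]*))?" reply=(\d{3})$')
PROBE_VERBS = {"VRFY", "EXPN"}  # commands that reveal whether a mailbox exists


def find_enumerators(log_text, min_names=5, min_reject_ratio=0.5):
    """Return {client_ip: sorted probed names} for likely user enumeration."""
    names = defaultdict(set)     # distinct names probed per client
    probes = defaultdict(int)    # total VRFY/EXPN commands per client
    rejects = defaultdict(int)   # probes answered with a 5xx reply
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ip, verb, arg, reply = m.groups()
        if verb.upper() not in PROBE_VERBS or not arg:
            continue
        probes[ip] += 1
        names[ip].add(arg.strip().lower())
        if reply.startswith("5"):
            rejects[ip] += 1
    # A wordlist run shows many distinct names and a high share of rejections.
    return {
        ip: sorted(seen)
        for ip, seen in names.items()
        if len(seen) >= min_names and rejects[ip] / probes[ip] >= min_reject_ratio
    }


if __name__ == "__main__":
    for ip, probed in find_enumerators(SAMPLE_LOG).items():
        print(f"possible SMTP user enumeration from {ip}: {', '.join(probed)}")
```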
This article is from the "Xiao Yu" blog, please be sure to keep this source http://791120766.blog.51cto.com/10836248/1766490
April 21, 2016: penetration testing study summary