SMB 0-day: intranet penetration and defense

Source: Internet
Author: User

Source: baoz.net

This SMB 0-day vulnerability has been around for a long time. I have been too busy with work to pay attention to it. The vulnerability affects Vista, Windows 7, and Windows 2008. An exploit must be available by now. Some people have tested attacking Vista and Windows 2008 with the vulnerability.

Let's talk about intranet penetration first. During a penetration, the first problem to face is how to quickly locate Windows 2008, Windows 7, and Vista machines. Here I provide two ideas:

 

1. Scan for the Windows SMB version; for example, Windows 7 reports 6.1. You can find a tool yourself. For the sake of harmony, I won't reveal the name of the program that can scan for the SMB version.

2. If you cannot find an SMB scanner, you can try scanning for the IIS version. This method is relatively simple and accurate, and there are more scanners for port 80.

As a reminder, large-scale scanning can easily trigger alarms, especially during this special period, when security workers are casting a long line to catch a big fish and scanning will be noticed. I believe that if you have a wealth of penetration experience, you can find out which machines on the network can be operated on through non-scanning methods :)

After you get into a system, refer to how to attack a Windows domain to control the entire network.

http://www.bkjia.com/Article/200910/42027.html

As for defense, the idea is simple but complicated to implement: block ports 135-139 and 445.

There are several ways to block these ports. Their advantages and disadvantages are as follows:

1. Block the ports on routers and switches. The advantage is that you do not need to touch the endpoints, and it is difficult for end users to modify the policy. The disadvantage is that the blocking is too coarse-grained to implement PC-to-PC access control across the whole network. In addition, if there are exception users, operations and audits are quite troublesome. If you can enforce this policy and have high security tolerance, this is the best choice.

2. Block the ports with a host firewall, such as SEP or McAfee. The advantage is that policies can be pushed out centrally, with control over exception users. The disadvantage is that the system may have to pay a performance cost for this.

3. Use ActiveX to control blocking through IPsec policy. The advantages are unified distribution, flexible exceptions, fine-grained control points, strong control, and low impact on the system. The drawback is that the user may stop the IPsec service, but this can be avoided: automatically enable the IPsec service at initial installation, and regularly call the ActiveX control, through external scans or the OA system, to check and enable the IPsec service. Of course, if you have a domain, this can also be implemented through the domain.

The latter two solutions can achieve flexible end-to-end access control.
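
One way to apply option 3's blocking on a single machine with the built-in `netsh ipsec static` and `sc` commands, as an added example that is not from the original article. The policy and list names and the 192.0.2.10 exception address are assumptions, and the ActiveX/OA distribution step is left out.

```batch
@echo off
rem Added example, not the article's own code: block inbound 135-139 and 445
rem with a local IPsec policy, keep one exception, keep the IPsec service on.
rem Run from an elevated prompt. All names below are assumptions.
setlocal
set POLICY=BlockSmbRpc
set BLOCKLIST=SmbRpcInbound
set ALLOWLIST=SmbRpcFromMgmt
rem Placeholder exception host (documentation range); replace with your own.
set MGMT=192.0.2.10

rem --- Service check: safe to re-run on a schedule ---------------------------
rem The IPsec service name is PolicyAgent. Set it to start at boot, and start
rem it now if a user has stopped it.
sc config PolicyAgent start= auto
sc query PolicyAgent | find "RUNNING" >nul || net start PolicyAgent

rem --- Policy: run once at initial installation ------------------------------
netsh ipsec static add policy name=%POLICY% description="Block 135-139,445 inbound" assign=no
netsh ipsec static add filteraction name=%POLICY%-Block action=block
netsh ipsec static add filteraction name=%POLICY%-Permit action=permit
netsh ipsec static add filterlist name=%BLOCKLIST%
netsh ipsec static add filterlist name=%ALLOWLIST%

rem netsh takes one port per filter, so add one filter per port and protocol.
for %%P in (135 136 137 138 139 445) do (
  for %%T in (TCP UDP) do (
    netsh ipsec static add filter filterlist=%BLOCKLIST% srcaddr=any dstaddr=me protocol=%%T srcport=0 dstport=%%P mirrored=no
    netsh ipsec static add filter filterlist=%ALLOWLIST% srcaddr=%MGMT% dstaddr=me protocol=%%T srcport=0 dstport=%%P mirrored=no
  )
)

rem A filter with a specific source address is more specific than "any",
rem so the permit rule for the exception host takes precedence over the block.
netsh ipsec static add rule name=Permit-Mgmt policy=%POLICY% filterlist=%ALLOWLIST% filteraction=%POLICY%-Permit
netsh ipsec static add rule name=Block-All policy=%POLICY% filterlist=%BLOCKLIST% filteraction=%POLICY%-Block

rem Only one local policy can be assigned at a time; this makes it active.
netsh ipsec static set policy name=%POLICY% assign=y
endlocal
```

This fits workstations; file servers and domain controllers need these ports reachable from their clients, so they need per-source exceptions instead of a blanket block.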
