View the security of Windows file servers from the perspective of hackers (1)

Windows File Servers play a vital role in the network. They carry sensitive files, databases, passwords, and so on. When the file server goes down, the network is likely to be paralyzed. If they are damaged, it is equal to opening Pandora box.

The following is a real case of hacker attacks on the file server. Share with you the situation and how these vulnerabilities are exploited to damage the system-from the perspective of a hacker. This will help you learn more about how system vulnerabilities are exploited in the news and how they can be used in combination with specific situations to understand security issues-help you detect your servers from a new perspective. security, you will understand that not all security issues are unfathomable.

Step 1: Find An uninstalled patch

Install all the important Microsoft Security Updates you know, and then scan them with your favorite vulnerability detection tools. You will find that there are also vulnerabilities that may be attacked.

You will often find that most of the Windows File Server security vulnerabilities are caused by forgetting to install patches, which often results in attacks within the network. This is largely due to the fact that many networks do not deploy intrusion protection systems internally-all internal connections are trusted. If there are criminals in your company trying to control your Windows server, it will be troublesome.

From the perspective of an internal attacker, let's take a look at how a windows Patch vulnerability was discovered. All he needs is an internal network connection and several security tools that can be downloaded for free: NeXpose Community edition and Metasploit.

The procedure is as follows:

Users with bad attempts scan the network by installing NeXpose-or a series of important servers he knows-to scan vulnerabilities.

Then he discovered a file server's MS08-067 vulnerability that allowed 'arbitrary Code' execution, which seemed a bit ridiculous.

Then, the user can view the vulnerability on the Metasploit detection list page.

Then he downloads and installs Metasploit, adds some parameters, and creates commands that can fully access your server, as shown in.

Figure 1. Use Metasploit to check MS08-067 Vulnerabilities

This vulnerability can be repeatedly performed on Vulnerable Windows systems and related applications, even if you do not know it at all. Think about how terrible the damage may be: deleting files, copying and backing up SAM databases and sensitive files, adding/Deleting Users, and so on. If you have servers on the public network that provide public access without firewall protection, the same type of attacks may also occur over the INTERNET.

It is also important to remember that the network connection mentioned above can be obtained through an insecure wireless network. A common example is to directly connect to your network using the wireless hotspot that was originally provided to scan devices in the repository. Whether they use WEP, WPA, or other encryption methods to ensure the security of these scanning devices, any building that is often in your parking lot or next to it within a certain distance) devices can easily access your network to launch attacks.

Step 2: obtain useful information from the sniffing network

When it comes to insecure wireless networks, malicious attackers may intrude into your networks to obtain sensitive information. Generally, some wireless network analysis tools, such as CommView for WiFi or AirMagnet WiFi Analyzer, are used. In addition, if an attacker can obtain a physical connection to your network or a trusted user, the attacker can use a tool to perform ARP attacks, this allows him to penetrate your Ethernet 'security' control and get anything he wants from your network.

Why is it necessary to attack a file server? Attackers can easily obtain a password through SMB, POP3, WEB, FTP, and windows Authentication conversations and use it as an illegal direct link to access your file server.

Figure 2. Use a tool such as Cane % Abel to easily or use a password

In the lower part of this article, we will introduce how to obtain sensitive files and conduct attacks that indirectly affect the security of file servers.

The following is a real case of hacker attacks on the file server that TechTarget special author in China has encountered. In the upper part of this article, we will introduce how to find an uninstalled patch and how to obtain useful information from the sniffing network. What are the next steps?