Network Services Attacks
Techniques for exploiting common network services
Use Nmap and enum4linux
Connecting to a share with smbclient: smbclient //[IP]/[SHARE]
with the flags:
-U [name] : to specify the user
-p [port] : to specify the port
telnet [IP] [port]
ftp [ip]
/usr/sbin/showmount -e [ip]
NFS-Common
Mounting NFS shares
sudo mount -t nfs IP:share /tmp/mount/ -o nolock
Tag : Function
sudo : Run as root
mount : Execute the mount command
-t nfs : Type of device to mount, here specifying that it's NFS
IP:share : The IP address of the NFS server, and the name of the share we wish to mount
-o nolock : Specifies not to use NLM locking
root_squash
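root_squash is the export option that maps a client's root user to an unprivileged account on the share; no_root_squash turns that mapping off. As an added example (not from the original page), this Python script audits the text of an /etc/exports file for entries that disable root squashing, export to any host, or set the insecure option. The sample file content and the finding names are constructed for illustration, and it assumes export paths without quoted spaces or line continuations.

```python
import re

# Constructed sample /etc/exports content (not taken from the page).
SAMPLE_EXPORTS = """\
# constructed example
/srv/backups   10.0.0.5(rw,sync,no_root_squash)
/srv/public    *(ro,sync)
/home          10.0.0.0/24(rw,sync,root_squash) *(rw,no_root_squash,insecure)
/srv/legacy    (rw)
"""

# One client spec: optional host pattern followed by optional "(opt,opt,...)".
ENTRY = re.compile(r"(?P<host>[^\s()]*)(?:\((?P<opts>[^)]*)\))?")


def audit_exports(text):
    """Return (path, client, finding) tuples for risky export entries."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        # A path with no client spec, or a bare "(opts)", applies to every host.
        for client in clients or [""]:
            m = ENTRY.fullmatch(client)
            if m is None:
                findings.append((path, client, "unparseable"))
                continue
            host = m.group("host") or "*"
            opts = set(filter(None, (m.group("opts") or "").split(",")))
            if "no_root_squash" in opts:   # client root keeps uid 0 on the share
                findings.append((path, host, "no_root_squash"))
            if host == "*":                # any machine that can reach the server
                findings.append((path, host, "any_host"))
            if "insecure" in opts:         # accepts requests from unprivileged ports
                findings.append((path, host, "insecure"))
    return findings


if __name__ == "__main__":
    for path, host, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:14} {host:14} {finding}")
```

Because root_squash is the default, only an explicit no_root_squash is reported; the 10.0.0.0/24 entry for /home produces no finding.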
"smtp_version" module in Metasploit
Enumerate users using SMTP: VRFY (confirms the names of valid users) and EXPN (reveals the actual addresses of users' aliases and mailing lists)
Version scanner: auxiliary/scanner/smtp/smtp_version
Connect to mysql database: mysql -h [IP] -u [username] -p
mysql schema dump: auxiliary/scanner/mysql/mysql_schemadump
mysql hash dump: auxiliary/scanner/mysql/mysql_hashdump
ftp arp poisoning:
To install client: sudo apt install default-mysql-client
nmap's mysql-enum script: or