Highest Voted 'smb' Questions - IT Security Stack Exchange

9

votes

2 answers

What harm is there in obtaining password hashes in a Windows environment?

ArsTechnica posted this article recently talking about how the power grid has been penetrated: Hackers lie in wait after penetrating US and Europe power grid networks Excerpt: One tactic involved using the publicly available Phishery toolkit to…

asked Sep 07 '17 at 01:22

SDsolar

977
1
6
25

8

votes

3 answers

Is it risky to allow SMB traffic to the Internet

SMB is a well-known network file sharing protocol, and I assume it's supposed to be used internally only. At my company I found someone connecting to a share on a server on the Internet over port 445 using SMB. Is there any risk in allowing such…

network man-in-the-middle smb

asked Mar 28 '17 at 21:24

expertsnipo

93
1
1
7

5

votes

4 answers

Find SMBv1 status with Nmap

Is there a ready way with nmap's scripting option to find machines with SMB 1 still enabled server side? It'd be a whole lot faster for me to monitor my remediation if it is available. I'd rather not have to run a complete OpenVAS scan for this one…

nmap smb

asked Apr 05 '17 at 18:05

Tim Brigham

3,762
3
29
35

5

votes

1 answer

MS08-067.c fails at WNetAddConnection2()

I'm working with some exploit code for the MS08-067 vulnerability from ExploitDB. The section: WNetAddConnection2(&nr, "", "", 0)* fails with an error of 67 (ERROR_BAD_NET_NAME), but I don't know why. I'm using the correct IP as the argument for…

windows exploit source-code smb

asked Feb 26 '17 at 22:39

Synthetic Ascension

141
1
5

4

votes

2 answers

Will enabling SMB protocol authentication prevent Ransomware attack like WannaCry spreading in network?

We have a requirement of using SMB protocol due to a system limitation. will enabling SMB authentication among the nodes will prevent the ransomware threat spreading in network? Reference:…

ransomware smb

asked Dec 08 '18 at 15:26

Sayan

2,033
1
11
21

4

votes

1 answer

What to do if you still have SMBv1 running on your network?

I was looking into the network traffic at our company while preforming a security audit and I found that we still have a server running SMBv1 on the network. The server is a Windows 2003 Domain Controller and is also used as the file server for the…

server protocols smb

asked Jul 06 '17 at 21:04

Jack

433
4
9

4

votes

1 answer

How to check if Windows computer has SMB accessible over the internet?

The currently spreading ransomware WannaCry exploits SMB vulnerabilities to infect new computer. Is this exploitation possible over the internet? How to check if my computer has SMB accessible over the internet or not?

windows ransomware smb

asked May 15 '17 at 07:50

THN

143
4

3

votes

1 answer

SMBv1 Server vs Client relative vulnerability risk

IT support guy here (NOT security expert): I have several clients who currently have at least one legacy appliance that runs a Samba (or something like it) server using SMBv1, which cannot be upgraded to use higher SMB versions. Other than…

smb

asked Oct 29 '20 at 20:25

firepuppy

31
2

3

votes

0 answers

smb iptables configuration not working with vpn killswitch

my main goal is to setup iptables that work as a VPN killswitch for my openvpn connection. Thanks to a post from forest, this was pretty straight forward: OpenVPN kill switch on Linux . So. everything that is not going to TUN1 should be blocked. Now…

iptables smb

asked Apr 04 '20 at 21:30

renpen

31
1

3

votes

1 answer

SMBRelay Attack - Mount Share instead of Code Execution

Is it possible to execute an SMBRelay attack that mounts a share instead of execute code? The application I am testing uses a non-administrative user but has access to several SMB shares. Only NTLMv2 is allowed so pass-the-hash doesn't work.

penetration-test microsoft smb

asked Aug 11 '17 at 14:21

m3ta

174
2
8

3

votes

0 answers

Possible EternalBlue Infection, Next Step?

Sorry if I messed up in any manner, e.g. title, details, tags, layout, venue, response plan, etc. I know a little of the stacks and security in general. Short Version: I found material on my other machine which almost certainly is an EternalBlue…

virus ransomware spyware virus-removal smb

asked Jul 20 '17 at 20:16

KtX2SkD

131
2

3

votes

2 answers

EternalBlue exploit doesn't work against windows 8

i have tried this poc: https://gist.github.com/worawit/074a27e90a3686506fc586249934a30e against a windows 8 target that i own, the code exits with an error that says: impacket.nmb.NetBIOSTimeout: The NETBIOS connection with the remote host …

exploit firewalls windows-8 wannacry smb

asked May 20 '17 at 15:27

4 R4C81D

43
1
7

2

votes

0 answers

Is SMB3-only Samba secure?

There's lots of "SMB is bad" parrotting online, and whenever I look closely, these claims are either unsubstantiated, or apply to unpached or misconfigured Windows servers or old versions of the SMB protocol. If I put stuff like this in my…

smb samba

asked Apr 20 '21 at 08:23

Ansis Māliņš

643
1
5
6

2

votes

2 answers

The security of an SMB port exposed to the internet

I have installed a Windows machine with update 1909 (build 18363.720 (March 2020) (On which I try to find vulnerabilities with nmap), which includes smb 3.1.1 with the latest fixed bugs. I created a shared folder on this machine and made the various…

windows nmap smb

asked Jun 29 '20 at 16:42

Andy McRae

121
3

2

votes

1 answer

How dangerous is SMBv1?

I have a NAS (network disk) from Zylex which stopped working under Windows 10 a while ago. Investigation shows that it uses SMBv1, which was implicated in several ransomware attacks and was therefore disabled by Microsoft. I have not yet found a…

ransomware smb

asked Jun 24 '18 at 20:29

NL_Derek

133
6

Questions tagged [smb]