Questions tagged [smb]

57 questions
9
votes
2 answers

What harm is there in obtaining password hashes in a Windows environment?

ArsTechnica posted this article recently talking about how the power grid has been penetrated: Hackers lie in wait after penetrating US and Europe power grid networks Excerpt: One tactic involved using the publicly available Phishery toolkit to…
SDsolar
  • 977
  • 1
  • 6
  • 25
8
votes
3 answers

Is it risky to allow SMB traffic to the Internet

SMB is a well-known network file sharing protocol, and I assume it's supposed to be used internally only. At my company I found someone connecting to a share on a server on the Internet over port 445 using SMB. Is there any risk in allowing such…
expertsnipo
  • 93
  • 1
  • 1
  • 7
5
votes
4 answers

Find SMBv1 status with Nmap

Is there a ready way with nmap's scripting option to find machines with SMB 1 still enabled server side? It'd be a whole lot faster for me to monitor my remediation if it is available. I'd rather not have to run a complete OpenVAS scan for this one…
Tim Brigham
  • 3,762
  • 3
  • 29
  • 35
5
votes
1 answer

MS08-067.c fails at WNetAddConnection2()

I'm working with some exploit code for the MS08-067 vulnerability from ExploitDB. The section: WNetAddConnection2(&nr, "", "", 0)* fails with an error of 67 (ERROR_BAD_NET_NAME), but I don't know why. I'm using the correct IP as the argument for…
4
votes
2 answers

Will enabling SMB protocol authentication prevent Ransomware attack like WannaCry spreading in network?

We have a requirement of using SMB protocol due to a system limitation. will enabling SMB authentication among the nodes will prevent the ransomware threat spreading in network? Reference:…
Sayan
  • 2,033
  • 1
  • 11
  • 21
4
votes
1 answer

What to do if you still have SMBv1 running on your network?

I was looking into the network traffic at our company while preforming a security audit and I found that we still have a server running SMBv1 on the network. The server is a Windows 2003 Domain Controller and is also used as the file server for the…
Jack
  • 433
  • 4
  • 9
4
votes
1 answer

How to check if Windows computer has SMB accessible over the internet?

The currently spreading ransomware WannaCry exploits SMB vulnerabilities to infect new computer. Is this exploitation possible over the internet? How to check if my computer has SMB accessible over the internet or not?
THN
  • 143
  • 4
3
votes
1 answer

SMBv1 Server vs Client relative vulnerability risk

IT support guy here (NOT security expert): I have several clients who currently have at least one legacy appliance that runs a Samba (or something like it) server using SMBv1, which cannot be upgraded to use higher SMB versions. Other than…
firepuppy
  • 31
  • 2
3
votes
0 answers

smb iptables configuration not working with vpn killswitch

my main goal is to setup iptables that work as a VPN killswitch for my openvpn connection. Thanks to a post from forest, this was pretty straight forward: OpenVPN kill switch on Linux . So. everything that is not going to TUN1 should be blocked. Now…
renpen
  • 31
  • 1
3
votes
1 answer

SMBRelay Attack - Mount Share instead of Code Execution

Is it possible to execute an SMBRelay attack that mounts a share instead of execute code? The application I am testing uses a non-administrative user but has access to several SMB shares. Only NTLMv2 is allowed so pass-the-hash doesn't work.
m3ta
  • 174
  • 2
  • 8
3
votes
0 answers

Possible EternalBlue Infection, Next Step?

Sorry if I messed up in any manner, e.g. title, details, tags, layout, venue, response plan, etc. I know a little of the stacks and security in general. Short Version: I found material on my other machine which almost certainly is an EternalBlue…
KtX2SkD
  • 131
  • 2
3
votes
2 answers

EternalBlue exploit doesn't work against windows 8

i have tried this poc: https://gist.github.com/worawit/074a27e90a3686506fc586249934a30e against a windows 8 target that i own, the code exits with an error that says: impacket.nmb.NetBIOSTimeout: The NETBIOS connection with the remote host …
4 R4C81D
  • 43
  • 1
  • 7
2
votes
0 answers

Is SMB3-only Samba secure?

There's lots of "SMB is bad" parrotting online, and whenever I look closely, these claims are either unsubstantiated, or apply to unpached or misconfigured Windows servers or old versions of the SMB protocol. If I put stuff like this in my…
Ansis Māliņš
  • 643
  • 1
  • 5
  • 6
2
votes
2 answers

The security of an SMB port exposed to the internet

I have installed a Windows machine with update 1909 (build 18363.720 (March 2020) (On which I try to find vulnerabilities with nmap), which includes smb 3.1.1 with the latest fixed bugs. I created a shared folder on this machine and made the various…
Andy McRae
  • 121
  • 3
2
votes
1 answer

How dangerous is SMBv1?

I have a NAS (network disk) from Zylex which stopped working under Windows 10 a while ago. Investigation shows that it uses SMBv1, which was implicated in several ransomware attacks and was therefore disabled by Microsoft. I have not yet found a…
NL_Derek
  • 133
  • 6
1
2 3 4