Interacting with Common Services

To attack a service effectively:
- Understand its purpose and functionality.
- Learn how to interact with it.
- Identify tools available for use.
- Explore potential actions and vulnerabilities.

Definition: Services enabling the transfer of computer files, either internally or via cloud solutions.
Common Internal Services: SMB, NFS, FTP, TFTP, SFTP.
Cloud Examples: Dropbox, Google Drive, AWS S3, Azure Blob Storage.

Server Message Block (SMB)

Purpose: Widely used in Windows networks for sharing folders. Interaction Methods: GUI, CLI, or tools.

Windows (SMB)

GUI Interaction:
- Open Run (WINKEY + R) and type \\<server>\<share>.
- Access granted if authentication is valid or anonymous access is allowed.

Command Shell:

List Files in Shared Folder:
```
dir \\<server>\<share>\
```

Map Shared Folder to Drive:

net use <drive_letter>: \\<server>\<share>

Authenticate with Credentials:

net use <drive_letter>: \\<server>\<share> /user:<username> <password>

Search Within Files:

dir <drive_letter>:\*<keyword>* /s /b
findstr /s /i <keyword> <drive_letter>:\*.*

PowerShell:

Map Shared Folder:

New-PSDrive -Name "N" -Root "\\<server>\<share>" -PSProvider "FileSystem"

Map with Credentials:

$username = "<username>"
$password = "<password>"
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
New-PSDrive -Name "N" -Root "\\<server>\<share>" -PSProvider "FileSystem" -Credential $credential

Search Files:

Get-ChildItem -Recurse -Path "N:\" -Include *<keyword>* -File
Select-String -Path "N:\" -Pattern "<keyword>" -List

Linux (SMB)

Mount SMB Share:

sudo mkdir /mnt/<share>
sudo mount -t cifs -o username=<username>,password=<password> //192.168.220.129/<share> /mnt/<share>

Use Credentials File:

mount -t cifs //192.168.220.129/<share> /mnt/<share> -o credentials=<path_to_credentials_file>

Credentials File Format:

username=<username>
password=<password>
domain=<domain>

Search Files:

find /mnt/<share>/ -name "*<keyword>*"
grep -rn /mnt/<share>/ -ie <keyword>

Other Services

Email Protocols

Sending: SMTP.
Receiving: POP3, IMAP.
Mail Client Example: Evolution (sudo apt-get install evolution).

Databases

Types: MySQL, MSSQL.
Interaction Methods:
1. Command Line (mysql, sqsh, sqlcmd).
2. GUI Tools (MySQL Workbench, SSMS, dbeaver).
3. Scripting Languages.

Examples:

MSSQL:

sqsh -S <server> -U <username> -P <password>
sqlcmd -S <server> -U <username> -P <password>

MySQL:

mysql -u <username> -p<password> -h <server>

Useful Tools for Common Services

Service

Tools

SMB

smbclient, CrackMapExec, SMBMap, Impacket

FTP

ftp, lftp, ncftp, filezilla

Thunderbird, Geary, MailSpring

Databases

mssql-cli, mycli, dbeaver

General Troubleshooting

Common Issues:
- Authentication or privilege errors.
- Network connectivity or firewall restrictions.
- Missing protocol support.
Use error codes and documentation/forums for debugging.

PreviousPassword Management NextProtocol Specific Attacks

hashtagFile Sharing Services

hashtagServer Message Block (SMB)

hashtagWindows (SMB)

hashtagLinux (SMB)

hashtagOther Services

hashtagEmail Protocols

hashtagDatabases

hashtagUseful Tools for Common Services

hashtagGeneral Troubleshooting

File Sharing Services

Server Message Block (SMB)

Windows (SMB)

Linux (SMB)

Other Services

Email Protocols

Databases

Useful Tools for Common Services

General Troubleshooting