Interacting with Common Services

  • To attack a service effectively:

    • Understand its purpose and functionality.

    • Learn how to interact with it.

    • Identify tools available for use.

    • Explore potential actions and vulnerabilities.

File Sharing Services

  • Definition: Services enabling the transfer of computer files, either internally or via cloud solutions.

  • Common Internal Services: SMB, NFS, FTP, TFTP, SFTP.

  • Cloud Examples: Dropbox, Google Drive, AWS S3, Azure Blob Storage.

Server Message Block (SMB)

Purpose: Widely used in Windows networks for sharing folders. Interaction Methods: GUI, CLI, or tools.

Windows (SMB)

  1. GUI Interaction:

    • Open Run (WINKEY + R) and type \\<server>\<share>.

    • Access granted if authentication is valid or anonymous access is allowed.

  2. Command Shell:

    • List Files in Shared Folder:

      dir \\<server>\<share>\

    • Map Shared Folder to Drive:

      net use <drive_letter>: \\<server>\<share>

    • Authenticate with Credentials:

      net use <drive_letter>: \\<server>\<share> /user:<username> <password>

    • Search Within Files:

      dir <drive_letter>:\*<keyword>* /s /b
findstr /s /i <keyword> <drive_letter>:\*.*

  3. PowerShell:

    • Map Shared Folder:

      New-PSDrive -Name "N" -Root "\\<server>\<share>" -PSProvider "FileSystem"

    • Map with Credentials:

      $username = "<username>"
$password = "<password>"
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
New-PSDrive -Name "N" -Root "\\<server>\<share>" -PSProvider "FileSystem" -Credential $credential

    • Search Files:

      Get-ChildItem -Recurse -Path "N:\" -Include *<keyword>* -File
Select-String -Path "N:\" -Pattern "<keyword>" -List

Linux (SMB)

  1. Mount SMB Share:

    sudo mkdir /mnt/<share>
sudo mount -t cifs -o username=<username>,password=<password> //192.168.220.129/<share> /mnt/<share>

  2. Use Credentials File:

    mount -t cifs //192.168.220.129/<share> /mnt/<share> -o credentials=<path_to_credentials_file>

    • Credentials File Format:

      username=<username>
password=<password>
domain=<domain>

  3. Search Files:

    find /mnt/<share>/ -name "*<keyword>*"
grep -rn /mnt/<share>/ -ie <keyword>

Other Services

Email Protocols

  • Sending: SMTP.

  • Receiving: POP3, IMAP.

  • Mail Client Example: Evolution (sudo apt-get install evolution).

Databases

  • Types: MySQL, MSSQL.

  • Interaction Methods:

    1. Command Line (mysql, sqsh, sqlcmd).

    2. GUI Tools (MySQL Workbench, SSMS, dbeaver).

    3. Scripting Languages.

  • Examples:

    • MSSQL:

      sqsh -S <server> -U <username> -P <password>
sqlcmd -S <server> -U <username> -P <password>

    • MySQL:

      mysql -u <username> -p<password> -h <server>

Useful Tools for Common Services

Service

Tools

SMB

smbclient, CrackMapExec, SMBMap, Impacket

FTP

ftp, lftp, ncftp, filezilla

Email

Thunderbird, Geary, MailSpring

Databases

mssql-cli, mycli, dbeaver

General Troubleshooting

  • Common Issues:

    • Authentication or privilege errors.

    • Network connectivity or firewall restrictions.

    • Missing protocol support.

  • Use error codes and documentation/forums for debugging.

PreviousPassword ManagementNextProtocol Specific Attacks