Interacting with Common Services

To attack a service effectively:
- Understand its purpose and functionality.
- Learn how to interact with it.
- Identify tools available for use.
- Explore potential actions and vulnerabilities.

Definition: Services enabling the transfer of computer files, either internally or via cloud solutions.
Common Internal Services: SMB, NFS, FTP, TFTP, SFTP.
Cloud Examples: Dropbox, Google Drive, AWS S3, Azure Blob Storage.

Server Message Block (SMB)

Purpose: Widely used in Windows networks for sharing folders. Interaction Methods: GUI, CLI, or tools.

Windows (SMB)

GUI Interaction:
- Open Run (WINKEY + R) and type \\<server>\<share>.
- Access granted if authentication is valid or anonymous access is allowed.

Command Shell:

List Files in Shared Folder:
```
dir \\<server>\<share>\
```

Map Shared Folder to Drive:

net use <drive_letter>: \\<server>\<share>

Authenticate with Credentials:

net use <drive_letter>: \\<server>\<share> /user:<username> <password>

Search Within Files:

dir <drive_letter>:\*<keyword>* /s /b
findstr /s /i <keyword> <drive_letter>:\*.*

PowerShell:

Map Shared Folder:

New-PSDrive -Name "N" -Root "\\<server>\<share>" -PSProvider "FileSystem"

Map with Credentials:

$username = "<username>"
$password = "<password>"
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
New-PSDrive -Name "N" -Root "\\<server>\<share>" -PSProvider "FileSystem" -Credential $credential

Search Files:

Get-ChildItem -Recurse -Path "N:\" -Include *<keyword>* -File
Select-String -Path "N:\" -Pattern "<keyword>" -List

Linux (SMB)

Mount SMB Share:

sudo mkdir /mnt/<share>
sudo mount -t cifs -o username=<username>,password=<password> //192.168.220.129/<share> /mnt/<share>

Use Credentials File:

mount -t cifs //192.168.220.129/<share> /mnt/<share> -o credentials=<path_to_credentials_file>

Credentials File Format:

username=<username>
password=<password>
domain=<domain>

Search Files:

find /mnt/<share>/ -name "*<keyword>*"
grep -rn /mnt/<share>/ -ie <keyword>

Other Services

Email Protocols

Sending: SMTP.
Receiving: POP3, IMAP.
Mail Client Example: Evolution (sudo apt-get install evolution).

Databases

Types: MySQL, MSSQL.
Interaction Methods:
1. Command Line (mysql, sqsh, sqlcmd).
2. GUI Tools (MySQL Workbench, SSMS, dbeaver).
3. Scripting Languages.

Examples:

MSSQL:

sqsh -S <server> -U <username> -P <password>
sqlcmd -S <server> -U <username> -P <password>

MySQL:

mysql -u <username> -p<password> -h <server>

Useful Tools for Common Services

Service

Tools

SMB

smbclient, CrackMapExec, SMBMap, Impacket

FTP

ftp, lftp, ncftp, filezilla

Thunderbird, Geary, MailSpring

Databases

mssql-cli, mycli, dbeaver

General Troubleshooting

Common Issues:
- Authentication or privilege errors.
- Network connectivity or firewall restrictions.
- Missing protocol support.
Use error codes and documentation/forums for debugging.

PreviousPassword Management NextProtocol Specific Attacks

File Sharing Services

Definition: Services enabling the transfer of computer files, either internally or via cloud solutions.

Common Internal Services: SMB, NFS, FTP, TFTP, SFTP.

Cloud Examples: Dropbox, Google Drive, AWS S3, Azure Blob Storage.

Server Message Block (SMB)

Purpose: Widely used in Windows networks for sharing folders. Interaction Methods: GUI, CLI, or tools.

Windows (SMB)

GUI Interaction:

Open Run (WINKEY + R) and type \\<server>\<share>.
Access granted if authentication is valid or anonymous access is allowed.

Command Shell:

List Files in Shared Folder:
```
dir \\<server>\<share>\
```

Map Shared Folder to Drive:

net use <drive_letter>: \\<server>\<share>

Authenticate with Credentials:

net use <drive_letter>: \\<server>\<share> /user:<username> <password>

Search Within Files:

dir <drive_letter>:\*<keyword>* /s /b
findstr /s /i <keyword> <drive_letter>:\*.*

PowerShell:

Map Shared Folder:

New-PSDrive -Name "N" -Root "\\<server>\<share>" -PSProvider "FileSystem"

Map with Credentials:

$username = "<username>"
$password = "<password>"
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
New-PSDrive -Name "N" -Root "\\<server>\<share>" -PSProvider "FileSystem" -Credential $credential

Search Files:

Get-ChildItem -Recurse -Path "N:\" -Include *<keyword>* -File
Select-String -Path "N:\" -Pattern "<keyword>" -List

Linux (SMB)

Mount SMB Share:

sudo mkdir /mnt/<share>
sudo mount -t cifs -o username=<username>,password=<password> //192.168.220.129/<share> /mnt/<share>

Use Credentials File:

mount -t cifs //192.168.220.129/<share> /mnt/<share> -o credentials=<path_to_credentials_file>

Credentials File Format:

username=<username>
password=<password>
domain=<domain>

Search Files:

find /mnt/<share>/ -name "*<keyword>*"
grep -rn /mnt/<share>/ -ie <keyword>

Other Services

Email Protocols

Sending: SMTP.

Receiving: POP3, IMAP.

Mail Client Example: Evolution (sudo apt-get install evolution).

Databases

Types: MySQL, MSSQL.

Interaction Methods:

Command Line (mysql, sqsh, sqlcmd).
GUI Tools (MySQL Workbench, SSMS, dbeaver).
Scripting Languages.

Examples:

MSSQL:

sqsh -S <server> -U <username> -P <password>
sqlcmd -S <server> -U <username> -P <password>

MySQL:

mysql -u <username> -p<password> -h <server>