Interacting with Common Services

  • To attack a service effectively:

    • Understand its purpose and functionality.

    • Learn how to interact with it.

    • Identify tools available for use.

    • Explore potential actions and vulnerabilities.

File Sharing Services

  • Definition: Services enabling the transfer of computer files, either internally or via cloud solutions.

  • Common Internal Services: SMB, NFS, FTP, TFTP, SFTP.

  • Cloud Examples: Dropbox, Google Drive, AWS S3, Azure Blob Storage.

Server Message Block (SMB)

  • Purpose: Widely used in Windows networks for sharing folders.

  • Interaction Methods: GUI, CLI, or tools.

Windows (SMB)

  1. GUI Interaction:

    • Open Run (WINKEY + R) and type \\<server>\<share>.

    • Access granted if authentication is valid or anonymous access is allowed.

  2. Command Shell:

    • List Files in Shared Folder:

      dir \\<server>\<share>\
    • Map Shared Folder to Drive:

      net use <drive_letter>: \\<server>\<share>
    • Authenticate with Credentials:

      net use <drive_letter>: \\<server>\<share> /user:<username> <password>
    • Search Within Files:

      dir <drive_letter>:\*<keyword>* /s /b
      findstr /s /i <keyword> <drive_letter>:\*.*
  3. PowerShell:

    • Map Shared Folder:

      New-PSDrive -Name "N" -Root "\\<server>\<share>" -PSProvider "FileSystem"
    • Map with Credentials:

      $username = "<username>"
      $password = "<password>"
      $securePassword = ConvertTo-SecureString $password -AsPlainText -Force
      $credential = New-Object System.Management.Automation.PSCredential $username, $securePassword
      New-PSDrive -Name "N" -Root "\\<server>\<share>" -PSProvider "FileSystem" -Credential $credential
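    • Search Files:

      # File names that contain the keyword
      Get-ChildItem -Recurse -Path "N:\" -Include *<keyword>* -File
      # File contents that contain the keyword (Select-String reads files, not a directory path)
      Get-ChildItem -Recurse -Path "N:\" -File | Select-String -Pattern "<keyword>" -List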

Linux (SMB)

  1. Mount SMB Share:

    sudo mkdir /mnt/<share>
    sudo mount -t cifs -o username=<username>,password=<password> //192.168.220.129/<share> /mnt/<share>
  2. Use Credentials File:

    sudo mount -t cifs //192.168.220.129/<share> /mnt/<share> -o credentials=<path_to_credentials_file>
    • Credentials File Format:

      username=<username>
      password=<password>
      domain=<domain>
  3. Search Files:

    find /mnt/<share>/ -name "*<keyword>*"
    grep -rn /mnt/<share>/ -ie <keyword>
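
The credentials file from step 2 keeps the password off the command line, but it holds it in cleartext, so its permissions and contents are worth checking before it is used. The shell function below is an added example, not part of the original notes: check_cifs_credfile is a hypothetical helper name, the sample values are constructed, and GNU stat on Linux is assumed.

```shell
#!/bin/sh
# Added example: audit a mount.cifs credentials file before mounting with it.
# check_cifs_credfile is a hypothetical helper name. Assumes Linux (GNU stat).
check_cifs_credfile() {
    f=$1
    rc=0
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "FAIL: $f is not a regular file" >&2
        return 2
    fi
    # Any group/other permission bit lets other local accounts read the password.
    mode=$(stat -c '%a' "$f")
    case $mode in
        0|[0-7]00) ;;
        *) echo "FAIL: mode $mode; use chmod 600" >&2; rc=1 ;;
    esac
    # Accept only the keys from the format above; report line numbers, never values.
    have_user=0
    have_pass=0
    n=0
    while IFS='=' read -r key value || [ -n "$key" ]; do
        n=$((n + 1))
        case $key in
            '') ;;
            username) have_user=1 ;;
            password) have_pass=1 ;;
            domain) ;;
            *) echo "FAIL: line $n has an unexpected key" >&2; rc=1 ;;
        esac
    done < "$f"
    [ "$have_user" -eq 1 ] || { echo "FAIL: no username= line" >&2; rc=1; }
    [ "$have_pass" -eq 1 ] || { echo "FAIL: no password= line" >&2; rc=1; }
    return "$rc"
}

# Demo on a constructed file (placeholder values, not real credentials).
demo=$(mktemp)
printf 'username=svc_backup\npassword=CONSTRUCTED-EXAMPLE\ndomain=EXAMPLE\n' > "$demo"
chmod 644 "$demo"
check_cifs_credfile "$demo" || echo "rejected: readable by other users"
chmod 600 "$demo"
check_cifs_credfile "$demo" && echo "ok: usable as credentials=$demo"
rm -f "$demo"
```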

Other Services

Email Protocols

  • Sending: SMTP.

  • Receiving: POP3, IMAP.

  • Mail Client Example: Evolution (sudo apt-get install evolution).

Databases

  • Types: MySQL, MSSQL.

  • Interaction Methods:

    1. Command Line (mysql, sqsh, sqlcmd).

    2. GUI Tools (MySQL Workbench, SSMS, dbeaver).

    3. Scripting Languages.

  • Examples:

    • MSSQL:

      sqsh -S <server> -U <username> -P <password>
      sqlcmd -S <server> -U <username> -P <password>
    • MySQL:

      mysql -u <username> -p<password> -h <server>

Useful Tools for Common Services

  Service     Tools
  SMB         smbclient, CrackMapExec, SMBMap, Impacket
  FTP         ftp, lftp, ncftp, filezilla
  Email       Thunderbird, Geary, MailSpring
  Databases   mssql-cli, mycli, dbeaver

General Troubleshooting

  • Common Issues:

    • Authentication or privilege errors.

    • Network connectivity or firewall restrictions.

    • Missing protocol support.

  • Use error codes and documentation/forums for debugging.