Penetration Testing with Kali Linux (PEN-200), OffSec

Test-NetConnection -Port 445 192.168.50.151
ComputerName : 192.168.50.151 
RemoteAddress : 192.168.50.151 
RemotePort : 445 
InterfaceAlias : Ethernet0 
SourceAddress : 192.168.50.152 
TcpTestSucceeded : True
Listing 71 - Port scanning SMB via PowerShell 
The returned value in the TcpTestSucceeded parameter indicates that port 445 is open.
We can further script the whole process in order to scan the first 1024 ports on the Domain Controller with the PowerShell one-liner shown below. To do so we instantiate a TcpClient socket object directly, because Test-NetConnection sends additional diagnostic traffic that is not needed for our purposes.
PS C:\Users\student> 1..1024 | % {echo ((New-Object Net.Sockets.TcpClient).Connect("192.168.50.151", $_)) "TCP port $_ is open"} 2>$null
TCP port 88 is open
...
Listing 72 - Automating the PowerShell portscanning
We start by piping the first 1024 integers into a ForEach-Object loop (the % alias), which assigns each integer in turn to the $_ variable. For each value we create a Net.Sockets.TcpClient object and attempt a TCP connection to the target IP on that port. If the connection succeeds, Connect returns silently and the echo statement logs the open TCP port; if it fails, the exception is written to the error stream, which 2>$null discards. Note that this one-liner never closes the sockets it opens and, on filtered ports, blocks for the operating system's default connect timeout, so it is quick to type but slow against a firewalled host.
We've covered just the starting point of PowerShell's abilities, which can be further extended to match the traditional Nmap features.
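As an added example (not code from the PEN-200 text), the same connect scan written as a reusable PowerShell function with a per-port timeout, so that filtered ports do not stall the loop for the operating system's default connect timeout, and with every socket closed after use. The function name, the target address and the port range are assumptions taken from the lab example above.

```powershell
# Added example: TCP connect scanner with a per-port timeout (not from the PEN-200 text).
function Invoke-TcpConnectScan {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int[]]$Ports = (1..1024),
        [int]$TimeoutMs = 300
    )
    foreach ($port in $Ports) {
        # One TcpClient per port, closed in 'finally' so the scan does not leak sockets.
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            # ConnectAsync returns a Task; Wait($TimeoutMs) returns $false on timeout
            # instead of blocking for the OS default connect timeout on filtered ports.
            $task = $client.ConnectAsync($ComputerName, $port)
            if ($task.Wait($TimeoutMs) -and $client.Connected) {
                [PSCustomObject]@{ ComputerName = $ComputerName; Port = $port; State = 'Open' }
            }
        } catch {
            # A refused connection (RST) surfaces as an AggregateException: the port is closed.
            Write-Verbose "Port $port closed or unreachable: $($_.Exception.Message)"
        } finally {
            $client.Close()
        }
    }
}

# Usage against the lab Domain Controller address used on this page (assumed value):
Invoke-TcpConnectScan -ComputerName '192.168.50.151' -Ports (1..1024) | Format-Table -AutoSize
```

A timed-out port is reported neither as open nor as an error; run with -Verbose to see refused ports. The output is objects rather than text, so it can be piped into Where-Object or exported with Export-Csv for the engagement notes.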
6.3.4 SMB Enumeration
The security track record of the Server Message Block (SMB) [268] protocol has been poor for many years due to its complex implementation and open nature. From unauthenticated SMB null sessions in Windows 2000 and XP, to a plethora of SMB bugs and vulnerabilities over the years, SMB has had its fair share of action. [269] Keeping this in mind, the SMB protocol has also been updated and improved in parallel with Windows releases.

The NetBIOS [270] service listens on TCP port 139, as well as on UDP ports 137 (name service) and 138 (datagram service). It should be noted that SMB (TCP port 445) and NetBIOS are two separate protocols. NetBIOS is an independent session layer protocol and service that allows computers on a local network to communicate with each other. While modern implementations of SMB can work without NetBIOS, NetBIOS over TCP (NBT) [271] is required for backward compatibility, and the two are often enabled together. This also means that the enumeration of these two services often goes hand-in-hand. These services can be scanned with tools like nmap, using syntax similar to the following:

kali@kali:~$ 

[267] (Microsoft, 2022), https://docs.microsoft.com/en-us/powershell/module/nettcpip/test-netconnection?view=windowsserver2022-ps
[268] (Wikipedia, 2022), https://en.wikipedia.org/wiki/Server_Message_Block
[269] (Mark A. Gamache, 2013), http://markgamache.blogspot.ca/2013/01/ntlm-challenge-response-is-100-broken.html
[270] (Wikipedia, 2022), https://en.wikipedia.org/wiki/NetBIOS

PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
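As an added example (not from the course text or the tools it covers), a PowerShell function that queries the NetBIOS Name Service on UDP port 137 with an NBSTAT (node status) request and decodes the returned name table. It illustrates the point above that NetBIOS is a service separate from SMB on TCP 445: a host can answer on UDP 137 with its workstation, domain and file-server names even before any SMB session is attempted. The function name and the target address are assumptions (the address is the lab value used on this page); the suffix meanings are the standard NetBIOS suffix assignments.

```powershell
# Added example: NBSTAT query over UDP 137 (not from the PEN-200 text).
# Standard NetBIOS name suffixes (16th byte of the name); a short subset.
$NetBiosSuffix = @{
    0x00 = 'Workstation Service'; 0x03 = 'Messenger Service'
    0x20 = 'File Server Service'; 0x1B = 'Domain Master Browser'
    0x1C = 'Domain Controllers';  0x1D = 'Master Browser'; 0x1E = 'Browser Elections'
}

function Get-NetBiosNameTable {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$TimeoutMs = 2000
    )
    # Query: 12-byte DNS-style header, then one question for the wildcard name "*"
    # padded with NULs. NetBIOS first-level encoding splits each byte into two nibbles
    # and adds 'A' to each, so "*" (0x2A) becomes "CK" and each NUL becomes "AA".
    $txid = Get-Random -Minimum 0 -Maximum 65536
    $encodedName = [System.Text.Encoding]::ASCII.GetBytes('CK' + ('A' * 30))
    [byte[]]$query = @(
        ($txid -shr 8), ($txid -band 0xFF),   # transaction ID
        0x00, 0x00,                           # flags: standard query, unicast
        0x00, 0x01,                           # QDCOUNT = 1
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00,   # ANCOUNT, NSCOUNT, ARCOUNT = 0
        0x20) + $encodedName + @(0x00,        # label length 32, name, root label
        0x00, 0x21,                           # QTYPE = NBSTAT
        0x00, 0x01)                           # QCLASS = IN

    $udp = New-Object System.Net.Sockets.UdpClient
    $udp.Client.ReceiveTimeout = $TimeoutMs
    try {
        [void]$udp.Send($query, $query.Length, $ComputerName, 137)
        $remote = New-Object System.Net.IPEndPoint ([System.Net.IPAddress]::Any, 0)
        [byte[]]$resp = $udp.Receive([ref]$remote)
    } catch {
        Write-Verbose "No NBSTAT reply from ${ComputerName}: $($_.Exception.Message)"
        return
    } finally {
        $udp.Close()
    }

    # Reply layout: 12-byte header, 34-byte answer name, TYPE(2), CLASS(2), TTL(4),
    # RDLENGTH(2), NUM_NAMES at offset 56, then 18-byte entries (15-char name,
    # 1 suffix byte, 2 flag bytes) and finally the responder's 6-byte unit ID (MAC).
    if ($resp.Length -lt 57) { return }
    $count  = $resp[56]
    $offset = 57
    $names  = @()
    for ($i = 0; $i -lt $count -and ($offset + 18) -le $resp.Length; $i++) {
        $suffix = $resp[$offset + 15]
        $flags  = ([int]$resp[$offset + 16] -shl 8) -bor $resp[$offset + 17]
        $type   = if ($flags -band 0x8000) { 'GROUP' } else { 'UNIQUE' }   # G bit = group name
        $names += [PSCustomObject]@{
            Name    = [System.Text.Encoding]::ASCII.GetString($resp, $offset, 15).TrimEnd()
            Suffix  = '<{0:X2}>' -f $suffix
            Type    = $type
            Service = $NetBiosSuffix[[int]$suffix]
        }
        $offset += 18
    }
    $mac = if (($offset + 6) -le $resp.Length) {
        ($resp[$offset..($offset + 5)] | ForEach-Object { '{0:X2}' -f $_ }) -join ':'
    }
    [PSCustomObject]@{ ComputerName = $ComputerName; Names = $names; MacAddress = $mac }
}

# Usage against the lab address used on this page (assumed value):
$table = Get-NetBiosNameTable -ComputerName '192.168.50.151'
$table.Names | Format-Table -AutoSize
```

A host that has NetBIOS over TCP/IP disabled, or a firewall that drops UDP 137, produces no reply and the function returns nothing; SMB on TCP 445 may still be reachable in that case, which is exactly why the two services are enumerated separately. A GROUP entry with suffix <1C> names the domain whose controllers the host belongs to, and the unit ID field gives the responder's MAC address without any authentication.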