Penetration Test - Select Your Attacks (3)

Network-Based Exploits

NAME RESOLUTION EXPLOITS
  • NetBIOS Name Service (NBNS)
    • Part of NetBIOS-over-TCP
    • Similar functionality to DNS
  • LLMNR (Link-Local Multicast Name Resolution)
    • Protocol based on DNS packet format
    • Allows IPv4 and IPv6 name resolution on the same local link
  • DNS and ARP poisoning
  • SMB (Server Message Block) exploits
    • Protocol used in Windows to provide file and printer access, and remote service access
    • TCP ports 139 and 445
    • Some ransomware (EternalBlue, WannaCry) uses SMB to propagate
  • SNMP (Simple Network Management Protocol) exploits
    • Query and manage IP devices
    • Multiple versions - SNMPv1 is not secure
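
Because LLMNR reuses the DNS packet format, captured LLMNR responses can be parsed directly to spot name-resolution poisoning: a normal host answers only for its own name, while a poisoner answers for whatever is asked. The following is an added detection example, not part of the original notes; the function names, the `max_names` threshold and the sample packets are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

def read_name(buf, off):
    """Decode a DNS-format name; return (name, offset just past it)."""
    labels = []
    while (n := buf[off]):
        if n & 0xC0 == 0xC0:          # compression pointer: 2 bytes, ends the name
            return ".".join(labels).lower(), off + 2
        labels.append(buf[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n
    return ".".join(labels).lower(), off + 1

def parse_response(buf):
    """Return (queried name, [IPv4 answers]), or None for a query packet."""
    _id, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", buf, 0)
    if not flags & 0x8000 or qd != 1:  # QR bit clear means this is a query
        return None
    qname, off = read_name(buf, 12)    # question name follows the 12-byte header
    off += 4                           # skip QTYPE and QCLASS
    ips = []
    for _ in range(an):
        _, off = read_name(buf, off)   # only the offset matters for answer names
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", buf, off)
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            ips.append(".".join(map(str, buf[off:off + 4])))
        off += rdlen
    return qname, ips

def flag_responders(events, max_names=2):
    """events: (src IP, UDP payload). Return sources answering for > max_names names."""
    seen = defaultdict(dict)
    for src, payload in events:
        try:
            parsed = parse_response(payload)
        except (IndexError, struct.error):
            continue                   # truncated or malformed packet: skip it
        if parsed:
            seen[src][parsed[0]] = parsed[1]
    return {s: m for s, m in seen.items() if len(m) > max_names}

def make_response(name, ip):           # builds constructed sample packets only
    q = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"
    rr = q + struct.pack("!HHIH", 1, 1, 30, 4) + bytes(map(int, ip.split(".")))
    return struct.pack("!6H", 1, 0x8000, 1, 1, 0, 0) + q + b"\0\1\0\1" + rr

SAMPLE = [("10.0.0.5", make_response("fileserver", "10.0.0.5"))] + [
    ("10.0.0.66", make_response(n, "10.0.0.66")) for n in ("wpad", "prnt01", "filesrv")]
```

Calling `flag_responders(SAMPLE)` reports only `10.0.0.66`, the one source that answered for three different names; in practice the payloads would come from a capture of UDP port 5355 traffic.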
EVEN MORE NETWORK EXPLOITS
  • SMTP (Simple Mail Transfer Protocol) exploits
    • Standard protocol for transmitting email
    • Open relay, local relay, phishing, spam, etc.
  • FTP (File Transfer Protocol) exploits
    • Overall insecure protocol for transferring files
    • No encryption for transfers and credentials
    • Easy for attackers to use for data exfiltration if FTP is available
QUICK REVIEW
  • Successful redirection attacks can drive victim traffic to your chosen destination
  • SMB is a popular target for propagating malware
  • SNMP that is not secure can make many IP devices vulnerable
  • FTP is often used to place malware and exploit tools
posted @ 2020-09-15 21:21  晨风_Eric