zoukankan      html  css  js  c++  java
  • Penetration Test

    Network-Based Exploits

    NAME RESOLUTION EXPLOITS
    • NETBIOS name service(NBNS)
      • Part of NetBIOS-over-TCP
      • Similar functionality to DNS
    • LLMNR(Link-local Multicast Name Resolution)
      • Protocol based on DNS packet format
      • Allows IPv4 and IPv6 name resolution on the same local link
    • DNS and ARP poisoning
    • SMB (Server Message Block) exploits
      • Protocol used in Windows to provide file and printer access, and remote service access
      • TCP ports 139 and 445
      • Some ransomware(EternalBlue, WannaCry) use SMB to propagate
    • SNMP(Simple Network Management Protocol) exploits
      • Query and manage IP devices
      • Multiple versions - SNMPv1 is not secure
    EVEN MORE NETWORK EXPLOITS
    • SMTP(Simple Mail Transport Protocol) exploits
      • Standard protocol for transmitting email
      • Open relay, local relay, phishing, spam, etc.
    • FTP(File Transfer Protocol) exploits
      • Overall insecure protocol for transferring files
      • No encryption for transfers and credentials
      • Easy for attackers to use for data exfiltration if FTP is available
    QUICK REVIEW
    • Successful redirection attacks can drive victim traffic to your chosen destination
    • SMB is a popular target for propagating malware
    • SNMP that is not secure can make many IP devices vulnerable
    • FTP is often used to place malware and exploit tools
    相信未来 - 该面对的绝不逃避,该执著的永不怨悔,该舍弃的不再留念,该珍惜的好好把握。
  • 相关阅读:
    斐波那契数列——兔子问题
    最长上升子序列
    洛谷P1325 雷达安装
    K短路
    DIJ的优化,和spfa的优化
    洛谷P5017摆渡车
    洛谷P2258 子矩阵
    三元表达式、列表推导式和生成器表达式
    递归调用、 二分法
    匿名函数、内置函数
  • 原文地址:https://www.cnblogs.com/keepmoving1113/p/13675741.html
Copyright © 2011-2022 走看看