SMBRelay Bible

SMBRelay Bible 5: SMBRelay attacks on corporate users

Today we will talk about client-side attacks. An attack on a network is a progressive process. Usually, we escalate our rights step by step, from nothing to domain administrator. Even ordinary unprivileged users can give us something interesting, for example access to some shared resources. But how can we get these user rights?
Read more..

SMBRelay Bible 4: SMBRelay with no action or attacking security software (Kaspersky AV, Symantec DLP, GFI Languard 0-days)

When we talk about SMB Relay attacks, we mean actions by an attacker that trigger an incoming NTLM authentication from server “A” and then relay it to server “B”. As a result, the attacker is successfully authenticated to server “B” using the account from server “A”. We have already described actions of this type, which initiated the authentication process from server “A” by using ERP functions or RDBMS stored procedures. There are many ways to make server “A” open an SMB connection to the attacker.
Read more..

SMBRelay bible 2. SMBRelay by MS SQL server

Today we will talk about the practical implementation of an SMBRelay attack through one of the well-known software products that very often becomes part of ERP systems: MS SQL Server. The latest version is 2008 (R2), but we also see 2005 and 2000 in real life, because they take up a big part of the RDBMS application area. We will touch on all of them.
Read more..

SMBRelay bible 1: Attacking Enterprise business (ERP)

Why are these attacks so critical for business applications and ERP systems? The well-known PassTheHash vulnerabilities can be used to gain a shell or password hashes. It is known that possibilities for passing the hash exist in many software products, but when penetration testing ERP systems, this type of attack is even more useful due to three things:
Read more..

New blog section: SMBRelay Bible

This is the first part of our encyclopedia of pass-the-hash / SMBRelay attacks (SMBRelay Bible). The goal of this encyclopedia is to collect all the possibilities for obtaining NTLM authentication in order to conduct SMB relay attacks or steal credentials.
Read more..