SMB hacking using NTP port
Author: PartyTime :D
Uploaded: 2023-09-20
Views: 50
Description:
Post about the #Manual #Auditing to find vulnerabilities - Testing - ⚙
#cvedetails link about the samba's vulnerabilities:
https://www.cvedetails.com/vulnerabil...
#CVE-2003-0201 #nvd.nist.gov link: https://nvd.nist.gov/vuln/detail/CVE-200
----------------------------
The following description explains the steps to reproduce for the Blue Team, after the detailed technical #Reports 🛡
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions,
and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
Combined with a port that the firewall allows outbound to the internet, this vulnerability makes it possible, after the exploit,
to have remote access to the vulnerable machine, for example using a reverse TCP client for the shell.
The NTP port was open, and we used it to breach the host.
#Recommendations:
Check daily for updates about the SMB protocol and close it to public use with a firewall.
Close the NTP port too (outbound).
This video also shows that the bigger the #payload and the more powerful the #reverse_client, the smaller our chance of establishing a good connection. 🤔
Enjoy this test.
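
An added example, not part of the original video description: a Python check over constructed firewall log lines that flags the egress pattern described above, meaning outbound TCP on the NTP port (NTP itself runs over UDP/123) and NTP traffic to servers outside an allow-list. The log format, the internal range and the approved server addresses are assumptions.

```python
import ipaddress

# Assumptions (hypothetical site values): internal range and approved NTP servers.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
APPROVED_NTP = {ipaddress.ip_address("192.0.2.10"), ipaddress.ip_address("192.0.2.11")}
NTP_PORT = 123

# Constructed sample log: "timestamp proto src_ip:src_port dst_ip:dst_port action"
SAMPLE_LOG = """\
2023-09-20T10:00:01Z udp 10.0.5.20:123 192.0.2.10:123 allow
2023-09-20T10:00:07Z tcp 10.0.5.31:49152 203.0.113.77:123 allow
2023-09-20T10:00:09Z udp 10.0.5.31:40000 198.51.100.9:123 allow
2023-09-20T10:00:12Z tcp 10.0.5.31:49153 203.0.113.77:443 allow
2023-09-20T10:00:15Z tcp 10.0.5.44:50001 203.0.113.77:123 deny
garbage line that must not crash the parser
"""

def parse(line):
    """Return a dict for a well-formed line, or None for anything else."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, proto, src, dst, action = parts
    try:
        src_ip, _src_port = src.rsplit(":", 1)
        dst_ip, dst_port = dst.rsplit(":", 1)
        return {"ts": ts, "proto": proto.lower(), "action": action.lower(),
                "src": ipaddress.ip_address(src_ip),
                "dst": ipaddress.ip_address(dst_ip), "dport": int(dst_port)}
    except ValueError:
        return None

def findings(log_text):
    """Flag outbound flows to port 123 that are not legitimate time sync."""
    out = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec["dport"] != NTP_PORT:
            continue
        if rec["src"] not in INTERNAL or rec["dst"] in INTERNAL:
            continue  # only internal -> external flows are egress
        if rec["proto"] == "tcp":
            reason = "tcp-on-ntp-port"        # NTP is UDP; TCP/123 egress is not NTP
        elif rec["dst"] not in APPROVED_NTP:
            reason = "unapproved-ntp-server"  # UDP/123 to a server outside the allow-list
        else:
            continue
        out.append((rec["ts"], str(rec["src"]), str(rec["dst"]), reason, rec["action"]))
    return out
```

A finding with action `allow` means the egress rule let the flow out; a `deny` still marks a host worth investigating.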