Sure enough it works for RPC as well, and testing the srvinfo command, I was able to get information about the system.Īs a result of both services allowing anonymous acces, I decided to run enum4linux to gather info on the system while I manually check the Backups share. The anonymous session is permitted and the SMB shares are revealed, most notably a custom share named Backups was found.īefore checking in the shares, I want to see if I can also get an anonymous session over RPC. To start, I decided to enumerate the SMB and RPC services to see if they permit anonymous access. Enumeration and Initial Exploitįor this target, there is not much to work worth aside from SMB / RPC for enumeration and possibly a vulnerable version of SSH. The nmap scan has also revealed the operating system on the target to be Windows Server 2016 Standard 14393.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |