SMB vulnerabilities are pretty rare, when they do hit, they often hit big. A couple examples:
β’ MS06-025 - RCE vulnerability.
β’ MS08-067 / CVE-2008-4250 - RCE vulnerability exploited by the Conficker worm.
β’ MS17-010 / CVE-2017-0144 - RCE vulnerability allegedly leaked from the NSA.
While these are getting a bit old, they are still worth looking for, especially on older or unpatched systems.
taken from : [smb-enum]
@AfroSec
β’ MS06-025 - RCE vulnerability.
β’ MS08-067 / CVE-2008-4250 - RCE vulnerability exploited by the Conficker worm.
β’ MS17-010 / CVE-2017-0144 - RCE vulnerability allegedly leaked from the NSA.
While these are getting a bit old, they are still worth looking for, especially on older or unpatched systems.
taken from : [smb-enum]
@AfroSec
0xdf hacks stuff
SMB Enumeration Cheatsheet
SMB enumeration is a key part of a Windows assessment, and it can be tricky and finicky. When I was doing OSCP back in 2018, I wrote myself an SMB enumeration checklist. Five years later, this is the updated version with newer tools and how I approach SMBβ¦
π3
So, I finally finished my setup! Now, it's time to get back to my habitβreading and testing my skills.
By the way, I was using CherryTree for a while, but now Iβm going to try Obsidian. It has a great UI and a minimalistic feel.
Wishing you all a great day ππ
@AfroSec
By the way, I was using CherryTree for a while, but now Iβm going to try Obsidian. It has a great UI and a minimalistic feel.
Wishing you all a great day ππ
@AfroSec
π₯5
Valentine's huh? π
I think I need a love letter for my one and only...my dearest PC . β€οΈ
You've been there for me through all the CTFs, late-night hacking, and countless sudo commands.
You're my everything. Thank you for never blue-screening on me (well she did but uk it's called love) π
@AfroSec
I think I need a love letter for my one and only...
You've been there for me through all the CTFs, late-night hacking, and countless sudo commands.
You're my everything. Thank you for never blue-screening on me (well she did but uk it's called love) π
@AfroSec
π9β€2
[ linpeas ]
Just a friendly reminder: before running any open-source tools, it's always a good idea to take a moment to audit them first. Even though open-source projects are amazing, sometimes they might have unexpected risks. It's better if you give it a quick viewπ
@AfroSec
Just a friendly reminder: before running any open-source tools, it's always a good idea to take a moment to audit them first. Even though open-source projects are amazing, sometimes they might have unexpected risks. It's better if you give it a quick viewπ
@AfroSec
YouTube
Why You MUST Audit Open Source Tools Before Use
Last week, a counterfeit version of the widely used open-source script LinPEAS was found to contain a hidden remote logging feature. This discovery highlight...
π2