Scribd
Upload
2 views

Assignment 8

Uploaded by

ahmed hmada
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
2 views

Assignment 8

Uploaded by

ahmed hmada
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

Assignment 8: Network Enumeration for Resource

Identification & Report (3-4 hours)


1. Introduction

This report documents the network enumeration conducted on the system with IP address 192.168.11.135
using SMBClient. The enumeration aims to identify shared resources (directories, files, etc.), user accounts,
and any potential risks associated with exposed resources. The system being analyzed is part of a
workgroup named WORKGROUP, and the enumeration was conducted using the guest account. Additionally,
an analysis of vulnerabilities in network protocols will be performed using Wireshark to detect potential
security weaknesses.

2. Network Enumeration Using SMBClient

Discovered Shared Resources:

• print$: Disk share for printer drivers.


• apache: Contains files for the Apache web server root directory.
• tomcat: Contains files for Tomcat6 server root directory.
• var: This could give access to system logs, spool directories, or application data.
• etc: Potential access to critical configuration files (e.g., passwords, network settings).
• usr: Could expose user binaries and libraries.
• owaspbwa: Likely contains data related to the OWASP Broken Web Applications Project.
• IPC$: Typically used for inter-process communication and doesn't store user-accessible
files.

Potential Risks:

• Sensitive Configuration Data: Access to directories like etc and var might expose critical
system configurations, including network settings, passwords, or application configurations.
• Web Server Root Access: The apache and tomcat shares provide access to the web server
root directories, which could allow reading or modification of web content or configuration
files, potentially exposing vulnerabilities.
• General Shared Resources: Misconfigured file permissions or weak guest access can
result in sensitive data being exposed, especially in directories like var, usr, and owaspbwa.
• 3. Protocol Vulnerability Analysis Using Wireshark
Wireshark was used to capture and analyze SMB traffic to assess the security of the protocol in use.
This section highlights the vulnerabilities associated with the SMB protocol and demonstrates how
Wireshark can be employed to identify them.

Potential Security Weaknesses:

1. SMB Protocol Usage (SMBv1)


o From the trace, it's possible that SMBv1 is being used, as seen in the earlier communication
where the client tries to connect to the server with SMB. If SMBv1 is indeed being used, this
is a major security concern since SMBv1 is vulnerable to well-known exploits such as
EternalBlue (CVE-2017-0144). This should be confirmed and disabled if found.
2. Guest Access
o The client authenticates as WORKGROUP\guest, a default guest account, which usually has
limited permissions but could still expose sensitive data if improperly configured. This
demonstrates that guest access is enabled on the server, which may not be desirable for
security. Misconfigurations in file permissions or access controls could allow attackers to
access or manipulate sensitive resources.
3. Sensitive Information Exposure
o The NetShareEnumAll response reveals available shares. If sensitive data is stored in these
shares without proper permissions, unauthorized users (e.g., via guest access) could exploit
this to browse or retrieve critical data.

Mitigations and Recommendations:

1. Disable SMBv1:
o Ensure the server is configured to use SMBv2 or SMBv3 only, as these versions offer
improved security features such as encryption and signing, making them more resilient
against attacks like EternalBlue.
2. Restrict Guest Access:
o Disable guest access if it is not required. Alternatively, ensure guest users have extremely
limited access and cannot view sensitive shares like system directories (/etc, /var) or
application root folders (apache, tomcat).
3. Audit Shared Directories:
o Review the permissions and contents of shared directories to ensure they are not leaking
sensitive information to unauthorized users. Ensure that only authenticated and authorized
users can access critical directories.
4. Monitor and Log SMB Traffic:
o Continuously monitor and log SMB traffic to identify any unauthorized access attempts.
Reviewing logs for abnormal access patterns can help detect potential intrusions or misuse.

You might also like