Document properties in Microsoft office usually contain information related to the document and various other metadata details. However this location can be used to store commands that will execute payloads that are hosted on an SMB or HTTP server. This will provide some initial access to the network during a spear phishing or red team assessment. The Metasploit SMB delivery module can be used to serve payloads in the form of DLL files and PowerShell via an SMB server. exploit/windows/smb/smb_delivery The module can be…
SMB Share – SCF File Attacks
SMB is a protocol which is widely used across organisations for file sharing purposes. It is not uncommon during internal penetration tests to discover a file share which contains sensitive information such as plain-text passwords and database connection strings. However even if a file share doesn’t contain any data that could be used to connect to other systems but it is configured with write permissions for unauthenticated users then it is possible to obtain passwords hashes of domain users or Meterpreter shells. Gathering Hashes…