- November 14, 2021
- By Cyberarch Admin
Introduction to SMB Protocol
Server Message Block (SMB), the modern dialect of which was known as Common Internet File System, is an application-layer network protocol for file sharing. It allows applications on a computer to read and write files and to request services from server programs in a computer network. The SMB protocol can be used on top of the TCP/IP protocol or other network protocols. Using the SMB protocol, an application (or the user of an application) can access files or other resources on a remote server. This allows applications to read, create, and update files on the remote server. It can also communicate with any server program that is set up to receive an SMB client request.
Working of SMB
SMB functions as a request-response or client-server protocol. The only time that the protocol does not work in a request-response framework is when a client requests an opportunistic lock (oplock) and the server has to break an existing oplock because the current mode is incompatible with the existing oplock. Client computers using SMB connect to a supporting server using NetBIOS over TCP/IP, IPX/SPX, or NetBEUI. Once the connection is established, the client computer or program can then open, read/write, and access files much as it would on a local file system.
Versions of Windows SMB
CIFS: The old version of SMB, which was included in Microsoft Windows NT 4.0 in 1996.
SMB 1.0 / SMB1: The version used in Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2003 R2.
SMB 2.0 / SMB2: The version used in Windows Vista and Windows Server 2008.
SMB 2.1 / SMB2.1: The version used in Windows 7 and Windows Server 2008 R2.
SMB 3.0 / SMB3: The version used in Windows 8 and Windows Server 2012.
SMB 3.02 / SMB3: The version used in Windows 8.1 and Windows Server 2012 R2.
SMB 3.1: The version used in Windows Server 2016 and Windows 10.
Presently, the latest version of SMB is SMB 3.1.1, which was introduced with Windows 10 and Windows Server 2016. This version supports AES-128-GCM encryption in addition to the AES-128-CCM encryption added in SMB3, and implements a pre-authentication integrity check using a SHA-512 hash. SMB 3.1.1 also makes secure negotiation mandatory when connecting to clients using SMB 2.x and higher.
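To check which of these versions a server actually settles on, a defender can read the dialect and signing fields from a captured NEGOTIATE response. The following is an added example, not code from the original article: the function names `audit_negotiate` and `build_sample` are made up here, the field offsets follow the SMB2 header and NEGOTIATE response layout in Microsoft's MS-SMB2 specification, and the sample messages are constructed.

```python
import struct

# Dialect revision codes carried in the SMB2 NEGOTIATE response (MS-SMB2).
DIALECTS = {0x0202: "SMB 2.0.2", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
            0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1"}
SIGNING_REQUIRED = 0x0002   # SecurityMode bit
CAP_ENCRYPTION = 0x0040     # Capabilities bit (meaningful for 3.0 / 3.0.2)

def audit_negotiate(msg: bytes) -> dict:
    """Audit one SMB NEGOTIATE response (transport framing already removed)."""
    if msg[:4] == b"\xffSMB":   # SMB1 header magic: no SMB2+ dialect agreed
        return {"dialect": "SMB1/CIFS", "signing_required": None,
                "findings": ["SMB1 negotiated: no SMB3 encryption or pre-auth integrity"]}
    if len(msg) < 64 + 28 or msg[:4] != b"\xfeSMB":
        raise ValueError("not an SMB2 message with a NEGOTIATE body")
    command, = struct.unpack_from("<H", msg, 12)
    if command != 0:            # 0 = SMB2 NEGOTIATE
        raise ValueError("SMB2 message is not NEGOTIATE")
    # Body follows the 64-byte header: StructureSize, SecurityMode,
    # DialectRevision, NegotiateContextCount, ServerGuid, Capabilities.
    size, sec_mode, dialect, _ctx, _guid, caps = struct.unpack_from(
        "<HHHH16sI", msg, 64)
    if size != 65:
        raise ValueError("unexpected NEGOTIATE response StructureSize")
    findings = []
    if not sec_mode & SIGNING_REQUIRED:
        findings.append("signing not required")
    if dialect < 0x0300:
        findings.append("dialect predates SMB3 encryption")
    elif dialect < 0x0311:
        if not caps & CAP_ENCRYPTION:
            findings.append("encryption capability not advertised")
        findings.append("no SHA-512 pre-authentication integrity (3.1.1 only)")
    return {"dialect": DIALECTS.get(dialect, f"unknown (0x{dialect:04x})"),
            "signing_required": bool(sec_mode & SIGNING_REQUIRED),
            "findings": findings}

def build_sample(dialect: int, sec_mode: int, caps: int) -> bytes:
    """Constructed sample response: every field zero except those audited."""
    header = b"\xfeSMB" + struct.pack("<H", 64) + bytes(58)
    body = struct.pack("<HHHH16sI", 65, sec_mode, dialect, 0, bytes(16), caps)
    return header + body + bytes(36)
```

For example, `audit_negotiate(build_sample(0x0210, 0x0001, 0))` reports SMB 2.1 with signing enabled but not required.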
SMB Protocol Security
The SMB protocol supports two levels of security. The first is the share level. The server is protected at this level and each share has a password. The client computer or user has to enter the password to access data or files saved under the specific share. This is the only security model available in the Core and Core Plus SMB protocol definitions. User-level protection was later added to the SMB protocol. It is applied to individual files, and each share is based on specific user access rights. Once a server authenticates the client, the client is given a unique identification (UID) that is presented upon access to the server. The SMB protocol has supported individual security since LAN Manager 1.0 was implemented.
SMB Enumeration
During network penetration testing, every pentester performs SMB enumeration to identify the following information about a Windows or Samba system:
- Banner Grabbing
- RID cycling
- User listing
- Listing of group membership information
- Share enumeration
- Detecting if a host is in a workgroup or a domain
- Identifying the remote operating system
- Password policy retrieval