445 Tcp Open Microsoft Ds Metasploit





I'm trying to disable services that I do not need, to improve latency and improve security.

I found that port 445 is still open by doing telnet on localhost and port 445. As I do not need port 445, I would prefer to close it.

How can I find out who is listening on port 445 and how do I disable it?

Note that I do not want to block port 445 using the firewall or something like that, but want to disable the program that has port 445 open.

javapowered (edited by harrymc)

6 Answers

Following is just a quotation of two different sources which I used to successfully disable port 445 on Windows XP machines. I was closing ports 445 and 135, 137 - 139, so I followed all instructions in the article and it worked for me.

General information about port 445 (archive link)

Among the new ports used by Windows 2000 is TCP port 445 which is used for SMB over TCP. The SMB (Server Message Block) protocol is used among other things for file sharing in Windows NT/2000/XP. In Windows NT it ran on top of NetBT (NetBIOS over TCP/IP), which used the famous ports 137, 138 (UDP) and 139 (TCP). In Windows 2000/XP, Microsoft added the possibility to run SMB directly over TCP/IP, without the extra layer of NetBT. For this they use TCP port 445.

At its simplest NetBIOS on your LAN may just be a necessary evil for legacy software. NetBIOS on your WAN or over the Internet, however, is an enormous (read foolish..) security risk. All sorts of information, such as your domain, workgroup and system names, as well as account information is obtainable via NetBIOS. It really is in your best interests to ensure that NetBIOS never leaves your network.

If you are using a multi-homed machine i.e. more than 1 network card, then you should disable NetBIOS on every network card, or Dial-Up Connection under the TCP/IP properties, that is not part of your local network.

To disable Port 445:

Add the following registry key:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
Name: SMBDeviceEnabled
Type: DWORD (REG_DWORD)
Data: 0

Don’t forget to restart your computer after disabling the above ports for effect. Also, to check that those ports are disabled, you can open a command prompt and type netstat -an to confirm that your computer is no longer listening to those ports.

(the registry keys are different for Windows 7 onwards, see this Microsoft article)

VL-80

I would like to extend this answer

Port 445 in Windows is by default used by 'Server' service (real name is 'lanmanserver') to provide file sharing via SMB protocol. To prevent Windows from listening on this port you need to stop and disable this service.

  1. You need to have Admin rights or be able to elevate to admin.
  2. Open command prompt as Administrator.
  3. Type sc stop lanmanserver, press Enter.
  4. For some reason at this point the port will still be active (from my experience, did this today). You need to reboot the system to prevent it from listening on the port, but the service will restart after reboot, so you need to disable it from starting:
  5. Type sc config lanmanserver start= disabled (note the space after the equals sign; sc.exe requires it), press Enter.
  6. Reboot.
  7. Verify in command prompt with netstat -n -a | findstr "LISTENING" | findstr ":445"; it should print a blank line, meaning that nothing is listening on the port. (The command may vary for non-English versions of Windows, not sure; you may need to change "LISTENING" to a translated variant.)

There are various reasons to free port 445 in Windows; one of them is imo quite interesting, and it is to allow SMB tunneling through SSH. When Windows does not use the port, you can now tell PuTTY / Cygwin'ed SSH to use it and forward it to a remote host via a secure connection; then you can access the remote file share securely via localhost.

Dmitrii Sutiagin

Use TCPView to find out which program is listening on port 445.

If the listener is svchost.exe, this is then a system service. To guess which one, note down its PID, go to Task Manager, tab Services and click on PID to sort by it. There will be several services with this PID, and all of them are candidates. If you cannot decide which one, post the names of the candidate services so we can comment on them.

Please note that an open port does not need to have a listener. A port is called 'open' when it is not blocked by the firewall.

harrymc
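Both the verification step in Dmitrii's answer (netstat piped through findstr) and harrymc's advice to map the listener's PID to candidate services can be done from the text that netstat -n -a -o and tasklist /svc print. The following Python script is an added example, not code from any answer in the thread; it runs that triage over constructed sample output and also covers the PID 4 (System) case, where the SMB listener belongs to the kernel rather than to a svchost.exe process.

```python
# Constructed sample of `netstat -n -a -o` output (not captured from a real host).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.5:49200      192.168.1.1:445        ESTABLISHED     1012
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /svc` output for the same host.
TASKLIST_SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
System                           4 N/A
svchost.exe                    880 RpcEptMapper, RpcSs
svchost.exe                   1012 LanmanServer, LanmanWorkstation
"""

def listeners_on_port(netstat_text, port):
    """Return (proto, local address, pid) for each TCP LISTENING socket or UDP
    binding on `port`; client connections *to* that port elsewhere are ignored."""
    found = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local = parts[0], parts[1]
        if local.rsplit(":", 1)[-1] != str(port):
            continue  # works for IPv6 too: "[::]:445" ends in ":445"
        if proto == "TCP" and "LISTENING" not in parts:
            continue
        found.append((proto, local, int(parts[-1])))
    return found

def services_for_pid(tasklist_text, pid):
    """Map a PID to (image name, [hosted services]). 'N/A' means no service is
    hosted; for PID 4 (System) the listener lives in the kernel SMB server driver."""
    for line in tasklist_text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[1].isdigit() and int(parts[1]) == pid:
            svcs = " ".join(parts[2:])
            return parts[0], [] if svcs == "N/A" else [s.strip() for s in svcs.split(",")]
    return None, []

def triage_port(netstat_text, tasklist_text, port=445):
    report = []  # one entry per listener: PID, image and candidate services
    for proto, local, pid in listeners_on_port(netstat_text, port):
        image, svcs = services_for_pid(tasklist_text, pid)
        report.append({"proto": proto, "local": local, "pid": pid, "image": image, "services": svcs})
    return report
```

On a real host, feed it the output of `netstat -n -a -o` and `tasklist /svc` instead of the constructed samples; an empty report for port 445 is the "nothing is listening" result the answer above checks for.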

Port 445 = SMB = Printer and File Sharing. So disable the file sharing in the network connection options to close the port.

magicandre1981

PowerShell:

More details: How to disable feature that opened port 445 on Windows by PowerShell

frank


The Metasploit database is a good way of keeping track of the things you get your hands on during a penetration test. The database can hold things like hosts, services, usernames and passwords. One particularly useful feature of the Metasploit database is its integration with Nmap: you can run Nmap scans from within Metasploit and store the results directly in the database.

Let’s see how this works.

Step 1 is to make sure that PostgreSQL is running on your Kali Linux machine.

> service postgresql start

Step 2 is to verify that Metasploit has a connection to the database.

> msfconsole (to start the Metasploit console)
msf> db_status (to check the database connection)
It should come back as [*] postgresql connected to msf3

If the database is not connected, you need to initialize it first.

msf> exit
> msfdb init (this is for Kali Linux 2.0)

Then try step 2 again, it should be good now.

The first thing to do is to create a new workspace. A workspace is simply a table in the database to store data in, but it helps you stay organized. You can think of workspaces as projects or clients: when you have a new client or project, create a new workspace.

The workspace command is what you use to manage workspaces. You can have several workspaces and easily switch between them.

msf> workspace

This gives you the workspace you’re currently using. You can easily create a new workspace using the -a flag and delete one with the -d flag. Switching between workspaces is simply done by entering workspace followed by the workspace name.

msf> workspace -a test (create a workspace named test)
msf> workspace -d test (delete workspace named test)
msf> workspace test (switch to the workspace test)
msf> workspace -r test test2 (rename workspace test to test2)

Now, it’s time to get some Nmap data into your database. You can do this in two ways: either by importing an Nmap scan or by issuing an Nmap scan from within the Metasploit console. To import data, you use the db_import command. The Nmap scan result file that you import must be in XML format (nmap -oX).

msf> db_import /root/nmap_scan.xml (to import a previous Nmap scan result file)

msf > db_import /root/nmap_router_scan
[*] Importing ‘Nmap XML’ data
[*] Import: Parsing with ‘Nokogiri v1.6.6.2’
[*] Importing host 192.168.1.1
[*] Successfully imported /root/nmap_router_scan
msf >

Now that we’ve imported data, let’s see what we got. First, we use the hosts command to list all the hosts we have in our database workspace.

msf > hosts

Hosts

address      mac                name            os_name  os_flavor  os_sp  purpose  info  comments
-------      ---                ----            -------  ---------  -----  -------  ----  --------
192.168.1.1  08:63:61:8e:8f:4e  homerouter.cpe  Unknown                    device

msf >

Second, we check which services we got listed from our imported Nmap scan:

msf > services

Services

host         port  proto  name             state     info
----         ----  -----  ----             -----     ----
192.168.1.1  22    tcp    ssh              open
192.168.1.1  23    tcp    telnet           filtered
192.168.1.1  53    tcp    domain           open
192.168.1.1  80    tcp    http             open
192.168.1.1  443   tcp    https            open
192.168.1.1  631   tcp    ipp              filtered
192.168.1.1  3000  tcp    ppp              open
192.168.1.1  8081  tcp    blackice-icecap  filtered

msf >
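To see what db_import actually pulls out of an Nmap XML file, here is an added Python example (not part of the tutorial or of Metasploit itself) that parses the per-host and per-port elements Nmap emits, skips hosts reported down, and renders hosts and services tables in the shape msfconsole shows; the XML is constructed from the router scan above.

```python
import xml.etree.ElementTree as ET

# Constructed Nmap XML (the format db_import expects), modelled on the router scan.
NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" version="6.49BETA4">
 <host><status state="up"/>
  <address addr="192.168.1.1" addrtype="ipv4"/>
  <address addr="08:63:61:8E:8F:4E" addrtype="mac"/>
  <hostnames><hostname name="homerouter.cpe" type="PTR"/></hostnames>
  <ports>
   <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
   <port protocol="tcp" portid="23"><state state="filtered"/><service name="telnet"/></port>
   <port protocol="tcp" portid="8081"><state state="filtered"/><service name="blackice-icecap"/></port>
  </ports>
 </host>
 <host><status state="down"/><address addr="192.168.1.2" addrtype="ipv4"/></host>
</nmaprun>
"""

def parse_nmap_xml(xml_text):
    """Return (hosts, services) rows shaped like msfconsole's hosts/services tables."""
    hosts, services = [], []
    for h in ET.fromstring(xml_text).iter("host"):
        status = h.find("status")
        if status is not None and status.get("state") != "up":
            continue  # this example skips hosts Nmap reports as down
        ip, mac, name = "", "", ""
        for a in h.findall("address"):
            if a.get("addrtype") == "mac":
                mac = a.get("addr").lower()  # Metasploit shows MACs lower-case
            else:
                ip = a.get("addr")
        hn = h.find("hostnames/hostname")
        if hn is not None:
            name = hn.get("name", "")
        hosts.append({"address": ip, "mac": mac, "name": name})
        for p in h.findall("ports/port"):
            svc = p.find("service")
            services.append({"host": ip, "port": int(p.get("portid")),
                             "proto": p.get("protocol"),
                             "name": svc.get("name", "") if svc is not None else "",
                             "state": p.find("state").get("state")})
    return hosts, services

def render(rows, columns):
    # Aligned text table in the style of the msf> hosts / services output.
    widths = [max([len(c)] + [len(str(r[c])) for r in rows]) for c in columns]
    out = ["  ".join(c.ljust(w) for c, w in zip(columns, widths)),
           "  ".join("-" * w for w in widths)]
    out += ["  ".join(str(r[c]).ljust(w) for c, w in zip(columns, widths)) for r in rows]
    return "\n".join(out)
```

Point it at a real `nmap -oX scan.xml` file to preview what a db_import of that file will add before you touch the database.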

You can import many different kinds of data into the Metasploit database. Run the db_import command without arguments to get a complete list of supported file formats.

msf > db_import
Usage: db_import <filename> [file2…]

Filenames can be globs like *.xml, or **/*.xml, which will search recursively.

Currently supported file types include:

Acunetix
Amap Log
Amap Log -m
Appscan
Burp Session XML
CI
Foundstone
FusionVM XML
IP Address List
IP360 ASPL
IP360 XML v3
Libpcap Packet Capture
Metasploit PWDump Export
Metasploit XML
Metasploit Zip Export
Microsoft Baseline Security Analyzer
NeXpose Simple XML
NeXpose XML Report
Nessus NBE Report
Nessus XML (v1)
Nessus XML (v2)
NetSparker XML
Nikto XML
Nmap XML
OpenVAS Report
OpenVAS XML
Outpost24 XML
Qualys Asset XML
Qualys Scan XML
Retina XML
Spiceworks CSV Export
Wapiti XML

msf >

As you can see, there are a lot of options for importing data into Metasploit. Then, there’s the other possibility: executing an Nmap scan from within the Metasploit console. You use the db_nmap command to do this; it accepts the same arguments as nmap and stores the results in the current workspace. Here’s an example from my home network:

msf > db_nmap 192.168.1.3
[*] Nmap: Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-08-27 20:33 CEST
[*] Nmap: Nmap scan report for 192.168.1.3
[*] Nmap: Host is up (0.0014s latency).
[*] Nmap: Not shown: 995 closed ports
[*] Nmap: PORT STATE SERVICE
[*] Nmap: 139/tcp open netbios-ssn
[*] Nmap: 445/tcp open microsoft-ds
[*] Nmap: 548/tcp open afp
[*] Nmap: 5009/tcp open airport-admin
[*] Nmap: 10000/tcp open snet-sensor-mgmt
[*] Nmap: MAC Address: 90:72:40:04:88:4B (Apple)
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 91.73 seconds
msf >

Now, let’s check the hosts and services commands again:

msf > hosts

Hosts

address      mac                name            os_name  os_flavor  os_sp  purpose  info  comments
-------      ---                ----            -------  ---------  -----  -------  ----  --------
192.168.1.1  08:63:61:8e:8f:4e  homerouter.cpe  Unknown                    device
192.168.1.3  90:72:40:04:88:4b                  Unknown                    device

msf >

msf > services

Services

host         port   proto  name              state     info
----         ----   -----  ----              -----     ----
192.168.1.1  22     tcp    ssh               open
192.168.1.1  23     tcp    telnet            filtered
192.168.1.1  53     tcp    domain            open
192.168.1.1  80     tcp    http              open
192.168.1.1  8081   tcp    blackice-icecap   filtered
192.168.1.1  443    tcp    https             open
192.168.1.1  3000   tcp    ppp               open
192.168.1.1  631    tcp    ipp               filtered
192.168.1.3  445    tcp    microsoft-ds      open
192.168.1.3  548    tcp    afp               open
192.168.1.3  5009   tcp    airport-admin     open
192.168.1.3  139    tcp    netbios-ssn       open
192.168.1.3  10000  tcp    snet-sensor-mgmt  open

msf >


As you scan additional hosts or networks, your database will hold more and more information about your target. So, as a last step in this tutorial, I’ll mention the db_export command, which allows you to make a backup. The db_export command saves your workspace as an XML file or as a pwdump file; the pwdump format is for credentials only, while the XML format saves everything.

msf > db_export -f xml /root/test_workspace.xml
[*] Starting export of workspace test to /root/test_workspace.xml [ xml ]…
[*] >> Starting export of report
[*] >> Starting export of hosts
[*] >> Starting export of events
[*] >> Starting export of services
[*] >> Starting export of web sites
[*] >> Starting export of web pages
[*] >> Starting export of web forms
[*] >> Starting export of web vulns
[*] >> Starting export of module details
[*] >> Finished export of report
[*] Finished export of workspace test to /root/test_workspace.xml [ xml ]…
msf >


In my next tutorial I will show more features of the Metasploit database and how you can use them to your advantage.
