Example Analysis of SMB Protocol Vulnerability Propagation

2025-01-20 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

This article gives an example analysis of the spread of SMB protocol vulnerabilities.

In 2017, the ransomware WannaCry and Petya exploited vulnerabilities in SMB 1.0 to spread through port 445 on Windows systems.

The order in which the SMB versions appeared in Windows:

CIFS - Windows NT 4.0

SMB 1.0 - Windows 2000

SMB 2.0 - Windows Server 2008 and Windows Vista SP1

SMB 2.1 - Windows Server 2008 R2 and Windows 7

SMB 3.0 - Windows Server 2012 and Windows 8

SMB 3.02 - Windows Server 2012 R2 and Windows 8.1

Client and server SMB version compatibility list:

| Operating system | Windows 8.1 / Server 2012 R2 | Windows 8 / Server 2012 | Windows 7 / Server 2008 R2 | Windows Vista / Server 2008 | Windows XP, Server 2003 and earlier |
| --- | --- | --- | --- | --- | --- |
| Windows 8.1 / Server 2012 R2 | SMB 3.02 | SMB 3.0 | SMB 2.1 | SMB 2.0 | SMB 1.0 |
| Windows 8 / Server 2012 | SMB 3.0 | SMB 3.0 | SMB 2.1 | SMB 2.0 | SMB 1.0 |
| Windows 7 / Server 2008 R2 | SMB 2.1 | SMB 2.1 | SMB 2.1 | SMB 2.0 | SMB 1.0 |
| Windows Vista / Server 2008 | SMB 2.0 | SMB 2.0 | SMB 2.0 | SMB 2.0 | SMB 1.0 |
| Windows XP, 2003 and earlier | SMB 1.0 | SMB 1.0 | SMB 1.0 | SMB 1.0 | SMB 1.0 |
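The compatibility list follows one rule: client and server settle on the highest dialect that both support. The Python below is an added example, not code from the original article; the function names and the SMB 1.0 on/off switches are illustrative assumptions, while the dialect data comes from the list above. It also shows which pairings depend on SMB 1.0 and what happens to them when SMB 1.0 is turned off on the server.

```python
# Added example: models the compatibility list above. The per-OS dialect data
# is taken from the page; the names and switches are illustrative assumptions.
DIALECTS = ["SMB 1.0", "SMB 2.0", "SMB 2.1", "SMB 3.0", "SMB 3.02"]  # oldest -> newest

# Highest dialect each OS family speaks, per the version list on the page.
HIGHEST = {
    "Windows 8.1 / Server 2012 R2": "SMB 3.02",
    "Windows 8 / Server 2012": "SMB 3.0",
    "Windows 7 / Server 2008 R2": "SMB 2.1",
    "Windows Vista / Server 2008": "SMB 2.0",
    "Windows XP, Server 2003 and earlier": "SMB 1.0",
}


def supported(os_name, smb1_enabled=True):
    """All dialects up to the OS's highest, optionally with SMB 1.0 removed."""
    top = DIALECTS.index(HIGHEST[os_name])
    return {d for d in DIALECTS[: top + 1] if smb1_enabled or d != "SMB 1.0"}


def negotiate(client, server, client_smb1=True, server_smb1=True):
    """Return the highest dialect both ends support, or None if there is none."""
    common = supported(client, client_smb1) & supported(server, server_smb1)
    return max(common, key=DIALECTS.index) if common else None


def smb1_exposure(server, server_smb1=True):
    """Client families that would end up on SMB 1.0 against this server."""
    return [c for c in HIGHEST
            if negotiate(c, server, server_smb1=server_smb1) == "SMB 1.0"]


if __name__ == "__main__":
    # Rebuild the compatibility list: one row per client, one column per server.
    for client in HIGHEST:
        row = [negotiate(client, server) for server in HIGHEST]
        print(f"{client:38}", *row, sep="  ")
    target = "Windows 8.1 / Server 2012 R2"
    print("Clients on SMB 1.0 against 2012 R2:", smb1_exposure(target))
    print("Same, with SMB 1.0 off on the server:",
          smb1_exposure(target, server_smb1=False))
```

The list describes default negotiation between unmodified systems; a client may offer fewer dialects than it supports, so SMB 1.0 stays reachable on any server where it remains enabled.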

Our production environment runs Windows Server 2012 R2. These are the services that correspond to the SMB server and the SMB client:

LanmanServer

LanmanWorkstation

You can see that SMB 1.0 drivers are not supported.

Trying to change port 445 on Windows Server 2012 R2

Try the Windows Server 2003 method, changing the port to 48322:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Smb]

"SessionPort"=dword:0000bcc2

"DatagramPort"=dword:0000bcc2

After restarting the server, it is still listening on port 445 and UNC paths can still be accessed, so the port change failed. This method only worked in the SMB 1.0 era.

The above is the example analysis of the spread of SMB protocol vulnerabilities shared by the editor. If you have similar questions, you can refer to the analysis above.
