ioc[.]one - OSINT Cyber Threat Intelligence Database

Executing SMB Relay Attacks via SQL Server using Metasploit

Tags

attack-pattern:

Credentials - T1589.001 Domain Account - T1087.002 Domain Account - T1136.002 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Tool - T1588.002 New Service - T1050 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	e3c30620-5e95-4ee2-8f68-024a1ff8ddbf
Fingerprint	9711ba5239821bc3
Analysis status	DONE
Considered CTI value	0
Text language
Published	Dec. 26, 2012, 7 a.m.
Added to db	Jan. 18, 2023, 8:37 p.m.
Last updated	Nov. 17, 2024, 11:40 p.m.
Headline	Executing SMB Relay Attacks via SQL Server using Metasploit
Title	Executing SMB Relay Attacks via SQL Server using Metasploit
Detected Hints/Tags/Attributes	34/1/13

Source URLs

	Redirection	Url
Details	Source	https://blog.netspi.com/executing-smb-relay-attacks-via-sql-server-using-metasploit/

URL Provider

Details	Provider	Source level domain
Details	netspi.com	blog.netspi.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	2		netntlm.pl
Details	Domain	71		www.openwall.com
Details	Domain	4128		github.com
Details	Domain	198		youtube.com
Details	File	2		netntlm.pl
Details	File	1		saeqcxca.exe
Details	Github username	11		netspi
Details	md5	1		d17b793df4ace8f96e59d324723fcc95
Details	IPv4	81		192.168.1.100
Details	IPv4	20		192.168.1.102
Details	IPv4	30		192.168.1.101
Details	Url	1		https://www.openwall.com/john/.
Details	Url	1		https://github.com/netspi/ps_multicrack