Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Is there a list of exact attack vectors for the lazy?

Both tools in the demo video are SMB-based. I wonder how exploitable is a machine if it has SMB properly disabled and blocked.



Disabling SMB is possible but it means you will not be accessing a Windows file share or providing one. Fine if you don't need it.

https://support.microsoft.com/en-gb/help/2696547/how-to-enab...

For my money, disable SMBv1 anyway and use a firewall and (V)LANs.

Samba, pop this under [global] to disable SMBv1 min protocol = SMB2

To disable it try "systemctl stop smbd" or "/etc/init.d/smbd stop" or ... 8)


There's an incomplete "summary of leaked data" at https://www.bleepingcomputer.com/news/security/shadow-broker...


Looking at this list it seems to affect mostly older versions of windows servers and servers with SMB running. I'd say it would mostly be a problem on intranets than windows based web servers.


> and servers with SMB running.

Which is going to be Domain Controllers, the most highly privileged servers on most corporate networks. And accessible to the "entire" network too. Group Policy is distributed through SMB shares.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: