🔍 What is Port 445?
- Protocol: TCP
- Used for: Microsoft SMB (Server Message Block) over TCP
- Purpose: File sharing, printer sharing, remote access, network browsing, etc.
🧠 Why Hackers Are Interested in Port 445
- SMB is powerful: SMB allows file sharing, remote command execution, and printer access, which makes it ideal for attackers who want to move laterally in a network or exfiltrate data.
- Commonly exposed: Insecure systems often expose port 445 to the internet, which is a huge risk.
- Vulnerabilities and exploits:
  - EternalBlue (MS17-010) – Used in WannaCry, NotPetya ransomware attacks.
  - SMBGhost (CVE-2020-0796) – RCE vulnerability in SMBv3 (Windows 10, Server 2019).
  - Relaying attacks – NTLM hashes can be captured and relayed to authenticate without knowing passwords.
💥 Common Attacks Using Port 445
| Attack Type | Description |
|---|---|
| EternalBlue | Exploits a buffer overflow to execute code remotely (RCE) |
| SMB Relay | Captures authentication attempts and relays them to another server to gain access |
| Pass-the-Hash | Uses captured NTLM hash instead of password |
| Anonymous Enumeration | List shared drives, users, and policies via SMB |
| SMB Signing Disabled | Man-in-the-middle attacks are possible if signing is off |
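
The "SMB Relay" and "SMB Signing Disabled" rows both depend on one field the server returns during SMB2 negotiation. As an added example (not part of the original page), this Python parser reads the SecurityMode flags and dialect from a captured NEGOTIATE response so an audit can list servers that do not require signing; the function names and the zero-padded sample frames are constructed for illustration.

```python
import struct

SMB2_MAGIC = b"\xfeSMB"
SIGNING_ENABLED = 0x0001    # SMB2_NEGOTIATE_SIGNING_ENABLED
SIGNING_REQUIRED = 0x0002   # SMB2_NEGOTIATE_SIGNING_REQUIRED
DIALECTS = {0x0202: "2.0.2", 0x0210: "2.1", 0x0300: "3.0",
            0x0302: "3.0.2", 0x0311: "3.1.1"}


def parse_negotiate_response(frame: bytes) -> dict:
    """Read signing mode and dialect from one framed SMB2 NEGOTIATE response."""
    if len(frame) < 4 or frame[0] != 0:
        raise ValueError("not a Direct TCP session message")
    msg = frame[4:4 + int.from_bytes(frame[1:4], "big")]
    if len(msg) < 64 + 6:
        raise ValueError("truncated SMB2 NEGOTIATE response")
    if msg[:4] != SMB2_MAGIC:
        raise ValueError("not SMB2 (possibly SMB1 or non-SMB traffic)")
    header_size, = struct.unpack_from("<H", msg, 4)
    status, command = struct.unpack_from("<IH", msg, 8)
    body_size, mode, dialect = struct.unpack_from("<HHH", msg, 64)
    if (header_size, command, body_size) != (64, 0, 65):
        raise ValueError("not an SMB2 NEGOTIATE response")
    if status != 0:
        raise ValueError(f"negotiation failed, NTSTATUS 0x{status:08x}")
    return {
        "dialect": DIALECTS.get(dialect, f"unknown (0x{dialect:04x})"),
        "signing_enabled": bool(mode & SIGNING_ENABLED),
        "signing_required": bool(mode & SIGNING_REQUIRED),
    }


def needs_attention(info: dict) -> bool:
    """Flag servers that do not require signing (the table's relay/MITM rows)."""
    return not info["signing_required"]


def constructed_frame(mode: int, dialect: int) -> bytes:
    """Build a constructed, zero-padded response for offline testing."""
    header = SMB2_MAGIC + struct.pack("<HHIH", 64, 0, 0, 0) + bytes(50)
    body = struct.pack("<HHH", 65, mode, dialect) + bytes(59)
    msg = header + body
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


if __name__ == "__main__":
    for mode, dialect in [(0x0001, 0x0311), (0x0003, 0x0302)]:
        info = parse_negotiate_response(constructed_frame(mode, dialect))
        print(info, "REVIEW" if needs_attention(info) else "ok")
```

A server that reports signing as enabled but not required still accepts unsigned sessions, so it belongs on the review list.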
🛠 Tools Used to Exploit Port 445
| Tool | Purpose |
|---|---|
| Metasploit | Modules for EternalBlue, SMB relay, etc. |
| Impacket | smbclient.py, wmiexec.py, secretsdump.py |
| Nmap | SMB scripts like smb-enum-shares, smb-vuln* |
| Responder | Poison network requests to capture credentials |
| CrackMapExec (CME) | Swiss army knife for SMB |
| SMBClient | To connect and interact with shares |
