Today I was looking at a CTF challenge that included a NAS. A quick NMAP showed the following:
After going over SSH and FTP it was time to investigate the ISCSI port, something I haven’t had to do before. A quick google turned up the popular Hacking Team breach that I remember reading about (http://pastebin.com/raw/0SNSvyjJ).
After a quick port forward:
root@kali:~# iscsiadm -m discovery -t sendtargets -p 127.0.0.1
root@kali:~# iscsiadm -m node --targetname=iqn.2016-05.uk.common:storage.lun0 -p 192.168.0.3 --login
Logging in to [iface: default, target: iqn.2016-05.uk.common:storage.lun0, portal: 192.168.0.3,3260] (multiple)
Login to [iface: default, target: iqn.2016-05.uk.common:storage.lun0, portal: 192.168.0.3,3260] successful.
Then the image is just a simple mount away:</p>
root@kali:~# vmfs-fuse -o ro ./test1234.vmdk /mnt/vmimage/
After finding such as easy way to gather more information off a network (in this case a Windows OS backup including SAM file), I will definitely be keep looking out for ISCSI devices on future tests.