ISCSI Pentesting

Default Port: 3260

ISCSI (Internet Small Computer System Interface) is a protocol used for establishing and managing connections between storage devices over an IP network. It enables storage devices to be shared and accessed remotely, providing block-level access to storage resources.

ISCSI is commonly used in data centers and enterprise environments for storage area networks (SANs) and virtualization deployments.

Connect

Connect Using ISCSI Initiator

iscsiadm --mode discoverydb --type sendtargets --portal <target-ip>:<target-port> --discover

Connect Using ISCSI Target Portal

You can use tools like ISCSI Initiator or open-iscsi to connect to an ISCSI target portal.

Recon

Identifying an ISCSI Target

You can use Nmap or Netcat to check whether a host is listening on the default ISCSI port:

nmap -p 3260 X.X.X.X
nc -nv X.X.X.X 3260

Enumeration

ISCSI Target Information

Connect to the ISCSI target and gather information about available LUNs (Logical Unit Numbers), target IQNs (ISCSI Qualified Names), and other configuration details using ISCSI commands.

ISCSI Client Tools

Tools like ISCSI Initiator, open-iscsi, and tgtadm can be used for interacting with ISCSI targets and performing enumeration tasks.

Attack Vectors

Default Credentials

Check for default credentials or weak authentication configurations in ISCSI targets, such as targets using default IQNs or no authentication.

Unauthorized Access

Search for open ISCSI targets that allow unrestricted access. Such targets may be reachable by unauthorized users from the internet.

LUN Manipulation

Exploit vulnerabilities in ISCSI target configurations to access or manipulate LUNs, potentially gaining unauthorized access to sensitive data.
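
From the defender's side, the weak configurations listed above (no authentication, unrestricted access) can be checked directly in the target's own configuration. The following is an added example, not part of the original page: it audits a Linux LIO target, assuming the `saveconfig.json` key names used by targetcli/rtslib-fb; the `audit` function, IQNs and addresses are constructed for illustration.

```python
import json

# Constructed sample in the layout of LIO's /etc/target/saveconfig.json.
# Key names are assumed from targetcli/rtslib-fb; IQNs and IPs are made up.
SAMPLE = json.loads("""
{"targets": [
 {"fabric": "iscsi", "wwn": "iqn.2003-01.org.example:open", "tpgs": [
  {"tag": 1,
   "attributes": {"authentication": 0, "generate_node_acls": 1,
                  "demo_mode_write_protect": 0},
   "portals": [{"ip_address": "0.0.0.0", "port": 3260}],
   "node_acls": []}]},
 {"fabric": "iscsi", "wwn": "iqn.2003-01.org.example:locked", "tpgs": [
  {"tag": 1,
   "attributes": {"authentication": 1, "generate_node_acls": 0,
                  "demo_mode_write_protect": 1},
   "portals": [{"ip_address": "10.0.5.20", "port": 3260}],
   "node_acls": [{"node_wwn": "iqn.1994-05.com.example:host1",
                  "chap_userid": "host1", "chap_password": "constructed"}]}]}
]}
""")

def audit(config):
    """Return (target IQN, TPG tag, finding) for each weak TPG setting."""
    findings = []
    for target in config.get("targets", []):
        if target.get("fabric") != "iscsi":
            continue
        for tpg in target.get("tpgs", []):
            where = (target.get("wwn"), tpg.get("tag"))
            attrs = tpg.get("attributes", {})
            demo = int(attrs.get("generate_node_acls", 0)) == 1
            if demo:  # dynamic ACLs: the initiator name is not checked
                findings.append(where + ("any initiator IQN may log in",))
                if int(attrs.get("authentication", 0)) == 0:
                    findings.append(where + ("no CHAP required",))
                if int(attrs.get("demo_mode_write_protect", 1)) == 0:
                    findings.append(where + ("LUNs writable in demo mode",))
            for acl in tpg.get("node_acls", []):
                if not acl.get("chap_userid"):  # IQN is client-asserted
                    findings.append(where + ("ACL %s has no CHAP user"
                                             % acl.get("node_wwn"),))
            for portal in tpg.get("portals", []):
                if portal.get("ip_address") in ("0.0.0.0", "::"):
                    findings.append(where + ("portal on all interfaces",))
    return findings

if __name__ == "__main__":
    for iqn, tag, issue in audit(SAMPLE):
        print(f"{iqn} tpg{tag}: {issue}")
```

On a real host, load the file with `json.load(open("/etc/target/saveconfig.json"))` and pass the result to `audit`; the path is the usual targetcli default and is an assumption here.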

Post-Exploitation

Common ISCSI Commands

Command                     Description
iscsiadm -m session         List active ISCSI sessions
iscsiadm -m node -l         Log in to an ISCSI target
iscsiadm -m node -u         Log out of an ISCSI target
iscsiadm -m node -o show    Display detailed information about a target
iscsiadm -m discovery       Discover available ISCSI targets

Data Exfiltration

Extract sensitive data by accessing and manipulating LUNs on the ISCSI target.

Ransomware Attacks

Encrypt data on the ISCSI target and demand a ransom for decryption, exploiting vulnerabilities in ISCSI target configurations.

Denial-of-Service (DoS) Attacks

ISCSI targets may be susceptible to DoS attacks, disrupting storage access and causing service downtime.