    Here's the situation -- you're on a network and you find a Network Attached Storage device with a share protected using a weak password.  You brute force the password and once you log in, you find a WindowsImageBackup directory which houses the data from a Windows Server Backup.  When we view the contents, we're interested in the files with the VHD or VHDX extension.  VHDX is essentially the same as VHD but the size limit on VHDX was increased to 2TB.  That's neither here nor there; what we really want is inside the file.

    We could copy the file over to our machine, but depending on the location of the file with respect to our attacking system, that could be a problem.  What we really want to do is mount that file in its current location and access what's inside.

    My Kali box is already set up, so in this example I'm using Ubuntu 18, but the steps are the same regardless of whether it's Kali or not.

    Starting from the top, we find our share:

    When we traverse into the directory, we find two VHDX files.  The larger of the two (23GB) is the one we want:

    Before we can access the file, we need to perform a few steps.  First, we're going to install the libguestfs tools which allow us to access virtual disk images:

    This second install might already exist on your system but if not, we'll need the CIFS utils which we'll use to access SMB/CIFS shares:

    Next, we'll need to create a directory for the share, a directory for the VHD, and we'll need to issue mount commands for both:

    The second mount command for the VHD is long-winded.  Truncating for the sake of not creating a very long screenshot:

    When it's finished, we should see data in both the /share and /vhd directory.  We're interested in /vhd because that's where our backup data exists:

    When we list the contents of the directory, we see the data and we can traverse through the directories without issue.  Here are all of the commands I used:

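    # Tools for accessing virtual disk images
    sudo apt-get install libguestfs-tools
    # Utilities for mounting SMB/CIFS shares
    sudo apt-get install cifs-utils

    # Mount points for the share and for the VHD
    sudo mkdir /share
    sudo mkdir /vhd

    # Mount the share; "//" stands in for the //server/share path
    sudo mount -t cifs -o user=admin,rw,iocharset=utf8,file_mode=0777,noperm "//" /share
    # Mount the VHDX read-only (--ro) from its location on the share
    sudo guestmount --add "/share/WindowsImageBackup/homeServer/Backup 2019-06-27 121342/b094c9f5-e4dd-11e8-80b3-806e6f6e6963.vhdx" \
      --inspector --ro /vhd -v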
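
For whoever owns a NAS like this one, the same exposure can be checked from the storage side. The script below is an added example, not part of the original post: it inventories VHD/VHDX images under a directory by file signature and flags those readable by any local account. The function names and the constructed demo tree are assumptions.

```bash
# Added example: inventory backup disk images and flag world-readable ones.
# Assumes GNU find/stat (Ubuntu, Kali) and paths without embedded newlines.

# Identify the image by signature rather than trusting the extension.
image_type() {
    if head -c 8 "$1" | LC_ALL=C grep -q '^vhdxfile'; then
        echo vhdx       # VHDX files begin with the ASCII signature "vhdxfile"
    elif tail -c 512 "$1" | LC_ALL=C grep -q 'conectix'; then
        echo vhd        # the VHD footer at the end of the file holds "conectix"
    else
        echo unknown    # extension says image, content does not
    fi
}

# Print one line per candidate image: STATUS MODE TYPE PATH
audit_backup_images() {
    find "$1" -type f \( -iname '*.vhd' -o -iname '*.vhdx' \) |
    while IFS= read -r img; do
        mode=$(stat -c '%a' "$img")
        # The "other" read bit (octal 4) means any account can open the image.
        if [ $((0$mode & 4)) -ne 0 ]; then status=EXPOSED; else status=OK; fi
        printf '%s %s %s %s\n' "$status" "$mode" "$(image_type "$img")" "$img"
    done | sort
}

# Constructed demo tree (fake images, not real backups).
demo=$(mktemp -d)
mkdir -p "$demo/WindowsImageBackup/host"
printf 'vhdxfile-constructed' > "$demo/WindowsImageBackup/host/open.vhdx"
printf 'conectix-constructed' > "$demo/WindowsImageBackup/host/locked.vhd"
chmod 644 "$demo/WindowsImageBackup/host/open.vhdx"
chmod 600 "$demo/WindowsImageBackup/host/locked.vhd"
audit_backup_images "$demo"
rm -rf "$demo"
```

Run it on the storage host itself, or on a mount that preserves server-side modes. A CIFS mount made with file_mode=0777, as in the commands above, can report every file as 777.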

    © 2021 Seven Layer Networks, Inc. | All rights reserved.