Ethical Hacking and Penetration Testing Guide


SNMP Dictionary Attack Tool
The SNMP dictionary attack tool allows you to specify a dictionary (a word list), which will be used against the SNMP server. This is faster than brute force and does not consume as many resources.
SMTP Enumeration
SMTP stands for Simple Mail Transfer Protocol. Sometimes, it can be a very useful source of information: knowing which usernames exist would aid us immensely when brute-forcing them.
Before enumerating usernames, you would need to find a mail server on a particular network. To accomplish that, you would run a port scan for port 25 across the network to find the mail servers on it. Port scanning is an extensive topic, which we will cover in Chapter 4. For now, we will just focus on finding valid usernames on a mail server.
For that purpose, we would use a Perl script called smtp-user-enum. It is available in the /pentest/enumeration/smtp directory in BackTrack.
Usage
./smtp-user-enum.pl -M VRFY -U /pass.txt -t mailserver
The tool is very simple to use. All you need to do is find or create a good username list, give its path after the -U parameter, and then provide the IP address of the mail server after -t.
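The script's VRFY mode works only because the server's reply code doubles as a mailbox oracle. The following is an added example (not code from the book or from smtp-user-enum) that simulates both a server that answers VRFY honestly and one that returns the non-committal 252 reply, shows what each reply tells an enumerator, and counts VRFY bursts in log lines. The mailbox list, the simplified smtpd log format and the client addresses are all constructed for the example; the 252 text is the reply Postfix gives when main.cf sets disable_vrfy_command = yes.

```python
import re
from collections import Counter

# Constructed mailbox list for the simulated server; not taken from the book.
KNOWN_USERS = {"alice", "bob", "postmaster"}


def vrfy_leaky(user: str) -> str:
    """Reply of a server that answers VRFY honestly. The status code itself is the
    leak: 250 confirms the mailbox, 550 denies it, so a word list can be checked
    one name at a time without sending any mail."""
    if user in KNOWN_USERS:
        return f"250 2.1.5 <{user}@example.com>"
    return f"550 5.1.1 <{user}@example.com>: User unknown"


def vrfy_hardened(user: str) -> str:
    """Reply of a server that refuses to confirm mailboxes. RFC 5321 permits a
    252 'cannot verify' answer; Postfix gives exactly this reply when main.cf
    contains 'disable_vrfy_command = yes'."""
    return "252 2.5.2 Send some mail, I'll try my best"


def what_vrfy_reveals(wordlist, vrfy) -> dict:
    """Classify each reply the way an enumerator has to: a 2xx other than 252
    means the mailbox exists, a 5xx means it does not, and 252 reveals nothing."""
    result = {}
    for name in wordlist:
        code = vrfy(name)[:3]
        if code == "252":
            result[name] = "undisclosed"
        elif code.startswith("2"):
            result[name] = "exists"
        else:
            result[name] = "unknown"
    return result


# Constructed log lines in a simplified smtpd format (assumed for this example,
# not a real MTA's format): timestamp, client address and the SMTP verb issued.
SAMPLE_LOG = """\
2023-08-07T10:00:01 smtpd[4711]: client=198.51.100.7 cmd=VRFY arg=alice
2023-08-07T10:00:01 smtpd[4711]: client=198.51.100.7 cmd=VRFY arg=admin
2023-08-07T10:00:02 smtpd[4711]: client=198.51.100.7 cmd=VRFY arg=bob
2023-08-07T10:00:02 smtpd[4711]: client=198.51.100.7 cmd=VRFY arg=carol
2023-08-07T10:00:03 smtpd[4712]: client=192.0.2.33 cmd=MAIL arg=<dave@example.org>
2023-08-07T10:00:04 smtpd[4713]: client=192.0.2.44 cmd=VRFY arg=postmaster
"""

LOG_RE = re.compile(r"client=(\S+) cmd=VRFY ")


def noisy_vrfy_clients(log_text: str, threshold: int) -> dict:
    """Count VRFY commands per client and return those at or above the threshold;
    a legitimate mail client almost never issues VRFY, let alone in bursts."""
    counts = Counter(m.group(1) for m in LOG_RE.finditer(log_text))
    return {client: n for client, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    names = ["alice", "carol", "postmaster"]
    print("leaky server:   ", what_vrfy_reveals(names, vrfy_leaky))
    print("hardened server:", what_vrfy_reveals(names, vrfy_hardened))
    print("VRFY bursts:    ", noisy_vrfy_clients(SAMPLE_LOG, threshold=3))
```

Against the leaky server the word list separates cleanly into existing and unknown mailboxes; against the hardened one every name comes back "undisclosed", which is why disabling VRFY (and the EXPN sibling the script also supports) is the usual fix, with the per-client VRFY count as the detection signal for servers that must keep it enabled.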
Detecting Load Balancers
Load balancing is a method used by organizations to distribute load across multiple servers. This way, applications work effectively and maintain uptime, increasing their reliability. Load balancers are generally classified into two categories:
1. Layer 4 load balancers, also known as DNS load balancers
2. Layer 7 load balancers, also known as HTTP load balancers
In this section, we will learn methods to detect both layer 4 and layer 7 load balancers.
Generally, if a single hostname resolves to multiple IPs, it is probably behind a load balancer. Let's use the host command to find the IP addresses of Google. For that, we would run the following query:
host www.google.com
It will resolve to multiple IPs. However, dig can provide much more detailed results; you can run the equivalent query with dig.
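Reading "multiple IPs" off the screen is easy for one host; scripting it over many hosts needs a parser for what host and dig print. The following is an added example (not from the book) that extracts the addresses from host(1) output and the CNAME chain, addresses and TTLs from dig's answer section, then reports the clues that suggest a DNS load balancer. The sample outputs are constructed for the made-up name www.example.net, and the short-TTL heuristic is an assumption added here, not a test the book describes.

```python
import re

# "host" prints one line per record; only A and AAAA lines carry addresses.
HOST_RE = re.compile(r"^(\S+) has (?:IPv6 )?address (\S+)$")
# A dig answer line is: owner TTL class type rdata (tab separated).
DIG_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|AAAA|CNAME)\s+(\S+)$")

# Constructed sample outputs for a made-up name; not real query results.
SAMPLE_HOST_OUTPUT = """\
www.example.net has address 203.0.113.10
www.example.net has address 203.0.113.11
www.example.net has address 203.0.113.12
www.example.net has IPv6 address 2001:db8::10
www.example.net mail is handled by 10 mail.example.net.
"""

SAMPLE_DIG_OUTPUT = """\
; <<>> DiG 9.18.1 <<>> www.example.net
;; ANSWER SECTION:
www.example.net.\t300\tIN\tCNAME\tlb.example.net.
lb.example.net.\t30\tIN\tA\t203.0.113.10
lb.example.net.\t30\tIN\tA\t203.0.113.11

;; Query time: 12 msec
"""


def addresses_from_host(output: str) -> dict:
    """Map each hostname in host(1) output to its list of A/AAAA addresses."""
    found = {}
    for line in output.splitlines():
        m = HOST_RE.match(line.strip())
        if m:
            found.setdefault(m.group(1), []).append(m.group(2))
    return found


def answer_from_dig(output: str) -> dict:
    """Pull the CNAME chain, the addresses and the TTLs out of dig's answer section.
    Comment lines (';') and anything that is not an A/AAAA/CNAME record are ignored."""
    cnames, addresses, ttls = [], [], []
    for line in output.splitlines():
        if not line or line.startswith(";"):
            continue
        m = DIG_RE.match(line)
        if not m:
            continue
        _owner, ttl, rtype, rdata = m.groups()
        if rtype == "CNAME":
            cnames.append(rdata.rstrip("."))
        else:
            addresses.append(rdata)
            ttls.append(int(ttl))
    return {"cnames": cnames, "addresses": addresses, "ttls": ttls}


def load_balancer_hints(addresses, ttls=()) -> list:
    """Return the clue the book gives (several addresses for one name) plus one
    that dig makes visible: a short TTL, which lets the operator rotate addresses
    quickly (assumed heuristic; 60 s is an arbitrary cut-off for this example).
    An empty list means nothing in the DNS answer suggests a balancer."""
    hints = []
    if len(addresses) > 1:
        hints.append(f"{len(addresses)} addresses for one name")
    if ttls and min(ttls) <= 60:
        hints.append(f"short TTL ({min(ttls)}s)")
    return hints


if __name__ == "__main__":
    print(addresses_from_host(SAMPLE_HOST_OUTPUT))
    answer = answer_from_dig(SAMPLE_DIG_OUTPUT)
    print(answer)
    print(load_balancer_hints(answer["addresses"], answer["ttls"]))
```

The dig parser is the one worth keeping: host collapses the CNAME step, whereas dig shows that www.example.net is an alias for a separate balancer name with its own short TTL, which is the same structure you will see when the real host command resolves to several addresses.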