Ethical Hacking and Penetration Testing Guide

Yüklə 22,44 Mb.

Pdf görüntüsü

səhifə	57/235
tarix	07.08.2023
ölçüsü	22,44 Mb.
	#138846

1 ... 53 54 55 56 57 58 59 60 ... 235

Ethical Hacking and Penetration Testing Guide ( PDFDrive )

Sniffing SNMP Passwords

Problem with SNMP
SNMP V1 was developed in 1980. The problem with this protocol was that there was

no authen-
tication system of any kind
, so anyone could access the SNMP server and gain access to the details
present on it, as at that time, they did not consider securing it. Later, they developed SNMP and
added some security features. However, SNMP V2 was not backward compatible, the reason it
was not widely adopted.
Therefore, SNMP V3 was developed to become backward compatible with SNMP V1 and also
to reduce the complexity of implementation. In an SNMP protocol, there are two types of com-
munity strings: a public community string and a private community string.
Sniffing SNMP Passwords
Most of the times, the SNMP passwords would be unencrypted if the devices are on SNMP V1.
An attacker can simply set up a sniffer to intercept the traffic on the network. We have dedicated
a whole chapter to “Network Sniffing”; therefore, we will keep things here at a very generic level.

Information Gathering Techniques
◾
85
OneSixtyOne
Onesixtyone is an all-in-one tool for scanning and brute-forcing SNMP community string. In
BackTrack, you can install it by typing the following command:
apt-get install onesixtyone
Usage
onesixtyone -c/dictionary.txt
The usage is very simple. All you need to do is to enter the IP address followed by the path
to the dictionary, and it will attempt to connect to the SNMP service by using the community
strings you have defined in the dictionary.
Snmpenum
Snmpenum is another cool tool written in Perl. It’s available in BackTrack in the /pentest/
enumeration/snmp directory. It can also be used for enumerating SNMP services.

Yüklə 22,44 Mb.

Dostları ilə paylaş:

1 ... 53 54 55 56 57 58 59 60 ... 235