Penetration Testing with Kali Linux OffSec
PEN-200

sudo nmap -sU --open -p 161 192.168.50.1-254 -oG open-snmp.txt
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-14 06:02 EDT
Nmap scan report for 192.168.50.151
Host is up (0.10s latency).
PORT    STATE SERVICE
161/udp open  snmp
Nmap done: 1 IP address (1 host up) scanned in 0.49 seconds
...
Listing 84 - Using nmap to perform an SNMP scan
Alternatively, we can use a tool such as onesixtyone [275], which will attempt a brute-force attack against a list of IP addresses. First, we must build text files containing community strings and the IP addresses we wish to scan.
kali@kali:~$ echo public > community
kali@kali:~$ echo private >> community
kali@kali:~$ echo manager >> community
kali@kali:~$ for ip in $(seq 1 254); do echo 192.168.50.$ip; done > ips
kali@kali:~$ onesixtyone -c community -i ips
Scanning 254 hosts, 3 communities
192.168.50.151 [public] Hardware: Intel64 Family 6 Model 79 Stepping 1 AT/AT COMPATIBLE - Software: Windows Version 6.3 (Build 17763 Multiprocessor Free)
...
Listing 85 - Using onesixtyone to brute force community strings
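As an added example (not part of the PWK material), a small Python helper that turns the two outputs above into an inventory of exposed SNMP agents: it parses the grepable open-snmp.txt written by the nmap scan, keeps only hosts where 161/udp is confirmed open rather than open|filtered, and parses onesixtyone hits into host, community string and sysDescr. The sample inputs are constructed from Listings 84 and 85, and the -oG field layout (port/state/proto/owner/service/...) is assumed from nmap's documented grepable format.

```python
import re

# Constructed sample of nmap grepable (-oG) output for the scan in Listing 84.
# Even with --open, UDP ports may be reported as "open|filtered", so the
# state field must be checked for exactly "open" rather than just the port.
NMAP_OG = """# Nmap 7.92 scan initiated as: nmap -sU --open -p 161 192.168.50.1-254 -oG open-snmp.txt
Host: 192.168.50.151 ()\tStatus: Up
Host: 192.168.50.151 ()\tPorts: 161/open/udp//snmp///
Host: 192.168.50.160 ()\tStatus: Up
Host: 192.168.50.160 ()\tPorts: 161/open|filtered/udp//snmp///
"""

# Constructed sample of onesixtyone output in the format of Listing 85.
ONESIXTYONE_OUT = """Scanning 254 hosts, 3 communities
192.168.50.151 [public] Hardware: Intel64 Family 6 Model 79 Stepping 1 AT/AT COMPATIBLE - Software: Windows Version 6.3 (Build 17763 Multiprocessor Free)
"""

def parse_nmap_grepable(text):
    """Return (host, port, state, proto, service) tuples from -oG output."""
    # Each Ports: entry is port/state/proto/owner/service/rpcinfo/version;
    # several entries on one Host: line are separated by ", ".
    results = []
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) \(.*?\)\tPorts: ([^\t]*)", line)
        if not m:
            continue  # comment lines and Status: lines carry no ports
        host, ports = m.groups()
        for entry in ports.split(", "):
            fields = entry.split("/")
            if len(fields) < 5:
                continue  # malformed entry: skip rather than guess
            port, state, proto, _owner, service = fields[:5]
            results.append((host, int(port), state, proto, service))
    return results

def confirmed_snmp_hosts(text):
    """Hosts whose 161/udp is confirmed open; candidates for the 'ips' file."""
    return sorted({h for h, p, st, pr, _ in parse_nmap_grepable(text)
                   if p == 161 and pr == "udp" and st == "open"})

def parse_onesixtyone(text):
    """Map host -> (community string, sysDescr) from onesixtyone hit lines."""
    hits = {}
    for line in text.splitlines():
        m = re.match(r"^(\S+) \[([^\]]*)\] (.*)$", line)
        if m:
            host, community, descr = m.groups()
            hits[host] = (community, descr.strip())
    return hits
```

Hosts returned by confirmed_snmp_hosts are the ones worth feeding to onesixtyone instead of the whole /24, and the parse_onesixtyone result is what ends up in the engagement notes as "agent answering to a default community string".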
Once we find SNMP services, we can start querying them for specific MIB data that might be interesting.
We can probe and query SNMP values using a tool such as snmpwalk, provided we know the SNMP read-only community string, which in most cases is “public”.
Using some of the MIB values provided in Table 2, we can attempt to enumerate their corresponding values. Let’s try the following example against a known machine in the labs, which has a Windows SNMP port exposed with the community string “public”. This command enumerates the entire MIB tree using the -c option to specify the community string, and -v to specify the SNMP version number, as well as the -t 10 option to increase the timeout period to 10 seconds:
kali@kali:~$

275 (Alexander Sotirov, 2008), http://www.phreedom.org/software/onesixtyone/

PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
160