Penetration Testing with Kali Linux OffSec
snmpwalk -c public -v1 -t 10 192.168.50.151
|
|
snmpwalk -c public -v1 -t 10 192.168.50.151
iso.3.6.1.2.1.1.1.0 = STRING: "Hardware: Intel64 Family 6 Model 79 Stepping 1 AT/AT COMPATIBLE - Software: Windows Version 6.3 (Build 17763 Multiprocessor Free)" iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.311.1.1.3.1.3 iso.3.6.1.2.1.1.3.0 = Timeticks: (78235) 0:13:02.35 iso.3.6.1.2.1.1.4.0 = STRING: "admin@megacorptwo.com" iso.3.6.1.2.1.1.5.0 = STRING: "dc01.megacorptwo.com" iso.3.6.1.2.1.1.6.0 = "" iso.3.6.1.2.1.1.7.0 = INTEGER: 79 iso.3.6.1.2.1.2.1.0 = INTEGER: 24 ... Listing 86 - Using snmpwalk to enumerate the entire MIB tree Revealed another way, we can use the output above to obtain target email addresses. This information can be used to craft a social engineering attack against the newly-discovered contacts. To further practice what we’ve learned, let’s explore a few SNMP enumeration techniques against a Windows target. We’ll use the snmpwalk command, which can parse a specific branch of the MIB Tree called OID . 276 The following example enumerates the Windows users on the dc01 machine. kali@kali:~$ snmpwalk -c public -v1 192.168.50.151 1.3.6.1.4.1.77.1.2.25 iso.3.6.1.4.1.77.1.2.25.1.1.5.71.117.101.115.116 = STRING: "Guest" iso.3.6.1.4.1.77.1.2.25.1.1.6.107.114.98.116.103.116 = STRING: "krbtgt" iso.3.6.1.4.1.77.1.2.25.1.1.7.115.116.117.100.101.110.116 = STRING: "student" iso.3.6.1.4.1.77.1.2.25.1.1.13.65.100.109.105.110.105.115.116.114.97.116.111.114 = STRING: "Administrator" Listing 87 - Using snmpwalk to enumerate Windows users Our command queried a specific MIB sub-tree that is mapped to all the local user account names. As another example, we can enumerate all the currently running processes: kali@kali:~$ snmpwalk -c public -v1 192.168.50.151 1.3.6.1.2.1.25.4.2.1.2 iso.3.6.1.2.1.25.4.2.1.2.1 = STRING: "System Idle Process" iso.3.6.1.2.1.25.4.2.1.2.4 = STRING: "System" iso.3.6.1.2.1.25.4.2.1.2.88 = STRING: "Registry" iso.3.6.1.2.1.25.4.2.1.2.260 = STRING: "smss.exe" iso.3.6.1.2.1.25.4.2.1.2.316 = STRING: "svchost.exe" iso.3.6.1.2.1.25.4.2.1.2.372 = STRING: "csrss.exe" iso.3.6.1.2.1.25.4.2.1.2.472 = STRING: "svchost.exe" iso.3.6.1.2.1.25.4.2.1.2.476 = STRING: "wininit.exe" iso.3.6.1.2.1.25.4.2.1.2.484 = STRING: "csrss.exe" iso.3.6.1.2.1.25.4.2.1.2.540 = STRING: "winlogon.exe" iso.3.6.1.2.1.25.4.2.1.2.616 = STRING: "services.exe" iso.3.6.1.2.1.25.4.2.1.2.632 = STRING: "lsass.exe" iso.3.6.1.2.1.25.4.2.1.2.680 = STRING: "svchost.exe" ... 276 (Wikipedia, 2022), https://en.wikipedia.org/wiki/Object_identifier Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 161 Listing 88 - Using snmpwalk to enumerate Windows processes The command returned an array of strings, each one containing the name of the running process. This information could be valuable as it might reveal vulnerable applications, or even indicate which kind of anti-virus is running on the target. Similarly, we can query all the software that is installed on the machine: kali@kali:~$ Yüklə Dostları ilə paylaş:
|