Penetration Testing with Kali Linux OffSec
sudo nmap -sU --open -p 161 192.168.50.1-254 -oG open-snmp.txt
|
|
sudo nmap -sU --open -p 161 192.168.50.1-254 -oG open-snmp.txt
Starting Nmap 7.92 ( https://nmap.org ) at 2022-03-14 06:02 EDT Nmap scan report for 192.168.50.151 Host is up (0.10s latency). PORT STATE SERVICE 161/udp open snmp Nmap done: 1 IP address (1 host up) scanned in 0.49 seconds ... Listing 84 - Using nmap to perform a SNMP scan Alternatively, we can use a tool such as onesixtyone , 275 which will attempt a brute force attack against a list of IP addresses. First, we must build text files containing community strings and the IP addresses we wish to scan. kali@kali:~$ echo public > community kali@kali:~$ echo private >> community kali@kali:~$ echo manager >> community kali@kali:~$ for ip in $(seq 1 254); do echo 192.168.50.$ip; done > ips kali@kali:~$ onesixtyone -c community -i ips Scanning 254 hosts, 3 communities 192.168.50.151 [public] Hardware: Intel64 Family 6 Model 79 Stepping 1 AT/AT COMPATIBLE - Software: Windows Version 6.3 (Build 17763 Multiprocessor Free) ... Listing 85 - Using onesixtyone to brute force community strings Once we find SNMP services, we can start querying them for specific MIB data that might be interesting. We can probe and query SNMP values using a tool such as snmpwalk , provided we know the SNMP read-only community string, which in most cases is “public”. Using some of the MIB values provided in Table 2, we can attempt to enumerate their corresponding values. Let’s try the following example against a known machine in the labs, which has a Windows SNMP port exposed with the community string “public”. This command enumerates the entire MIB tree using the -c option to specify the community string, and -v to 275 (Alexander Sotirov, 2008), http://www.phreedom.org/software/onesixtyone/ Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 160 specify the SNMP version number as well as the -t 10 option to increase the timeout period to 10 seconds: kali@kali:~$ Yüklə Dostları ilə paylaş:
|