mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-15 01:17:36 +00:00
commit
97c49bdb7a
1 changed files with 9 additions and 8 deletions
|
@ -89,6 +89,12 @@ To **guess the community string** you could perform a dictionary attack. Check [
|
|||
|
||||
## Enumerating SNMP
|
||||
|
||||
It is recommanded to install the following to see whats does mean **each OID gathered** from the device:
|
||||
```bash
|
||||
apt-get install snmp-mibs-downloader
|
||||
download-mibs
|
||||
```
|
||||
|
||||
If you know a valid community string, you can access the data using **SNMPWalk** or **SNMP-Check**:
|
||||
|
||||
```bash
|
||||
|
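Review bot: The sentence added above the new install block, "It is recommanded to install the following to see whats does mean **each OID gathered** from the device:", has a spelling error and broken grammar. Suggest "It is recommended to install the following to see what **each OID gathered** from the device means:". The block it introduces holds only `apt-get install snmp-mibs-downloader` and `download-mibs`. If the later line about commenting out "mibs :" in /etc/snmp/snmp.conf is among the deletions, move it here instead, because on Debian-based systems that line keeps the downloaded MIBs from being loaded and the install step alone will not make OIDs resolve to names.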
@ -98,18 +104,13 @@ snmp-check [DIR_IP] -p [PORT] -c [COMM_STRING]
|
|||
nmap --script "snmp* and not snmp-brute" <target>
|
||||
```
|
||||
|
||||
To see whats does **means** each OID gathered from the device, it is recommended to **install**:
|
||||
Thanks to extended queries (download-mibs), it is possible to enumerate even more about the system with the following command :
|
||||
|
||||
```bash
|
||||
apt-get install snmp-mibs-downloader
|
||||
download-mibs
|
||||
snmpwalk -v X -c public <IP> NET-SNMP-EXTEND-MIB::nsExtendOutputFull
|
||||
```
|
||||
|
||||
And **in** _**/etc/snmp/snmp.conf**_ **comment the line "mibs :"**
|
||||
|
||||
**It is recommended to install and configure this before launching any SNMP enumeration.**
|
||||
|
||||
**SNMP** has a lot of information about the host and things that you may find interesting are: **Network interfaces** \(IPv4 and **IPv6** address\) and **processes running** \(may contain passwords\)....
|
||||
**SNMP** has a lot of information about the host and things that you may find interesting are: **Network interfaces** (IPv4 and **IPv6** address), Usernames, Uptime, Server/OS version, and **processes running** (may contain passwords)....
|
||||
|
||||
## From SNMP to RCE
|
||||
|
||||
|
|
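Review bot: In the `snmpwalk -v X -c public <IP> NET-SNMP-EXTEND-MIB::nsExtendOutputFull` line, `-v X` is an unexplained placeholder, and the command mixes a hardcoded `public` community and `<IP>` with the bracketed style of `snmp-check [DIR_IP] -p [PORT] -c [COMM_STRING]` in the context above. Suggest bracketed placeholders for version, community string and target so the commands on the page read the same way. The lead-in "Thanks to extended queries (download-mibs), ..." should also say that the symbolic name `NET-SNMP-EXTEND-MIB::nsExtendOutputFull` only resolves once the MIBs are installed and the "mibs :" line in /etc/snmp/snmp.conf is commented out, since the hunk shrinks from 18 to 13 lines around those instructions. Minor: drop the space before the colon in "command :" and the four trailing dots in the "**SNMP** has a lot of information" line.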