+++ INITIATING LITURGICAL BROADCAST +++
By the Will of the Omnissiah, and the Authority vested in me as Magos Dominus, I transmit this holy data-burst unto the noosphere.
SNMP - Simple Network Management Protocol
Field | Description |
---|---|
Protocol | SNMP (Simple Network Management Protocol) |
Port | UDP 161 (standard), UDP 162 (for traps) |
Purpose | Monitoring and managing network devices (routers, switches, printers, etc.) |
Model | Manager-Agent Model |
Versions | SNMPv1, SNMPv2c, SNMPv3 |
Security | v1/v2c: community strings (cleartext); v3: authentication + encryption |
Community Strings | Like a password; public (read-only), private (read-write) |
Data Format | Uses ASN.1 & BER (binary encoded) |
MIB | Management Information Base (defines what can be queried) |
Operations | GET: retrieve data; SET: modify config; TRAP: alert from agent |
Common Tools | snmpwalk, snmpget, snmpbulkwalk, onesixtyone, snmp-check |
Common Attack Uses | Info disclosure; enumeration; community string brute-force |
In this lab, the goal is to perform enumeration using the SNMP service and, if we can, gain access to the target machine.
In my case, I used nmap with SNMP scripts.
```bash
sudo nmap -sU --script=snmp-* -T4 -p161,162 demo.ine.local
```
I got a lot of information, but the juicy part for me was:
```
| snmp-win32-users:
| Administrator
| DefaultAccount
| Guest
| WDAGUtilityAccount
|_ admin
```
So, same as in the previous lab, I created a wordlist and tried a brute-force attack on the SMB service that the machine had running.
And I got a Meterpreter session.
GLORY TO THE OMNISSIAH. PRAISE THE BINARY DIVINE.
+++ LITURGICAL BROADCAST COMPLETE +++