Home > Others

April 20, 2016 Infiltration learning summary

Source: Internet
Author: User
Tags snmp snmpwalk
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Operating system identification

The operating system opens many services by default after installation, and the services themselves are vulnerable

Operating System Identification Technology

Wide range

Good products are combined with a variety of technologies

TTL start value (minus one per route)

WINDOWS:128 (128----)

Linux/unix:64 (1-64)

Some unix:255

The hijacked gateway can be located by TTL value

Nmap uses a variety of systems to identify operating systems

Nmap 1.1.1.1-o

System service Characteristics

Xprobe2 1.1.1.1

The result is error

Passive Operating system identification

Deployed at the network exit by grasping the packet, or the switch doing the mirror port into the machine by installing the passive identification software to analyze the received packet, through the characteristics of the package to determine

Ids

Packet Capture analysis

Passive scanning

P0F (automatic monitoring and recognition)

Combining ARP address spoofing to identify a full-network OS

SNMP scanning (Simple Network Management Protocol ) (UDP port 161/162)

SNMP (internal information on the server for monitoring the system)

Information on gold mines

is often incorrectly configured

Public/private (configuration can be modified by SNMP on the target host)/manager

MIB Tree

SNMP Management Information Base (MIB)

Tree-shaped Network device management function library

Defines the corresponding system information in the query by the number

such as: 1.3.6.1.1.1.77.1.2.25

Onesixtyone 1.1.1.1 Public

If the scan has no results use the following command to sweep in a dictionary

Onesixtyone-c dict.txt-i Hosts-o my.log-w (hosts for host files)

Onesixtyone-c dict.txt 1.1.1.1-o my.log-w 100

Snmpwalk 1.1.1.1-c public-v 2c

(-V is the SNMP version, V2 used more)

Snmpwalk-c public-v 2c 1.1.1.1.1.3.6.1.4.1.27.1.2.25

(Check the result of the corresponding OID of the target host, this can detect the current system user)

Snmpcheck-t 192.168.1.133

Snmpcheck-t 192.168.1.133-c private-v 2

Snmpcheck-t 192.168.1.133-w


Today in the online learning some infiltration experience, but all written to the paper, want to copy to the computer but no time, had to tomorrow.


This article is from the "Xiao Yu" blog, please be sure to keep this source http://791120766.blog.51cto.com/10836248/1766045

April 20, 2016 Infiltration learning summary

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
first sunday in april tombstone summary redeployment summary wireshark summary license summary slacker summary 172 20 20 1

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More