April 20, 2016 Infiltration learning summary

Source: Internet
Author: User
Tags: snmp, snmpwalk

Operating system identification

An operating system enables many services by default after installation, and those services themselves carry vulnerabilities, so knowing the OS tells you which services and weaknesses to expect.

Operating system identification techniques

There is a wide range of techniques; good products combine several of them.

TTL initial value (decremented by one at every router hop)

Windows: 128 (observed values up to 128)

Linux/Unix: 64 (observed values 1-64)

Some Unix systems: 255

An unexpected change in the observed TTL (an extra hop) can be used to locate a hijacked gateway.
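The TTL rule of thumb above, turned into a small passive classifier, as an added example that is not part of the original notes. It maps an observed TTL to the nearest common initial value (64, 128 or 255), derives the hop count, and flags replies from the same host whose TTL later drops, which is the "extra hop" symptom the notes associate with a hijacked gateway. The ping output lines and the 10.0.0.x hosts are constructed sample data.

```python
import re

# Common initial TTL values and the OS family usually behind them (from the notes above).
INITIAL_TTLS = {
    64: "Linux/Unix",
    128: "Windows",
    255: "Some Unix / network devices",
}

# Matches the reply line of ping (Linux/BSD "ttl=" and Windows "TTL=").
TTL_RE = re.compile(r"from (?P<host>[\d.]+).*?\bttl=(?P<ttl>\d+)", re.IGNORECASE)


def guess_initial_ttl(observed_ttl):
    """Return the smallest common initial TTL >= observed_ttl, or None if out of range."""
    if not 1 <= observed_ttl <= 255:
        return None
    for initial in sorted(INITIAL_TTLS):
        if observed_ttl <= initial:
            return initial
    return None


def classify_ttl(observed_ttl):
    """Map an observed TTL to (initial_ttl, os_family, hop_count), or None."""
    initial = guess_initial_ttl(observed_ttl)
    if initial is None:
        return None
    return initial, INITIAL_TTLS[initial], initial - observed_ttl


def ttl_from_ping_line(line):
    """Extract (host, ttl) from one ping reply line; None for other lines."""
    match = TTL_RE.search(line)
    if not match:
        return None
    return match.group("host"), int(match.group("ttl"))


def audit_ping_log(lines):
    """Build {host: {...}} from ping output.

    The first reply from a host sets the baseline; every later reply whose TTL
    differs from it is recorded under "drift" as the number of extra hops
    (positive means the path got longer, which deserves a look).
    """
    report = {}
    baseline = {}
    for line in lines:
        parsed = ttl_from_ping_line(line)
        if parsed is None:
            continue
        host, ttl = parsed
        guess = classify_ttl(ttl)
        if guess is None:
            continue
        initial, family, hops = guess
        if host not in baseline:
            baseline[host] = ttl
            report[host] = {"initial_ttl": initial, "os": family, "hops": hops, "drift": []}
        elif ttl != baseline[host]:
            report[host]["drift"].append(baseline[host] - ttl)
    return report


# Constructed sample ping output (not a real capture); hosts are placeholders.
SAMPLE_PING_LOG = [
    "64 bytes from 10.0.0.5: icmp_seq=1 ttl=126 time=0.412 ms",
    "64 bytes from 10.0.0.5: icmp_seq=2 ttl=126 time=0.398 ms",
    "64 bytes from 10.0.0.5: icmp_seq=3 ttl=125 time=1.102 ms",
    "64 bytes from 10.0.0.9: icmp_seq=1 ttl=61 time=0.877 ms",
    "64 bytes from 10.0.0.12: icmp_seq=1 ttl=253 time=2.010 ms",
]

if __name__ == "__main__":
    for host, info in audit_ping_log(SAMPLE_PING_LOG).items():
        print(host, info)
```

The classifier is only a heuristic: initial TTLs can be changed by administrators, and a hop-count difference can just as well be a legitimate routing change, so the drift list is a prompt to investigate, not proof of tampering.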

Nmap combines several techniques to identify the operating system:

nmap -O 1.1.1.1

System and service characteristics

xprobe2 1.1.1.1

(its results can be wrong)

Passive operating system identification

Deployed at the network egress by capturing packets, or by having a switch mirror a port to a machine running passive identification software; the received packets are analysed and the OS is determined from their characteristics.

IDS

Packet capture analysis

Passive scanning

p0f (automatic monitoring and recognition)

Combined with ARP address spoofing, this can identify the OS of every host on the network

SNMP scanning (Simple Network Management Protocol, UDP ports 161/162)

SNMP exposes internal information about a server for system monitoring.

It is an information gold mine

and is often misconfigured.

Common community strings: public / private (with it, the target host's configuration can be modified through SNMP) / manager

MIB tree

SNMP Management Information Base (MIB)

A tree-shaped library of network device management functions

Each piece of system information is identified in queries by a numeric object identifier (OID),

for example: 1.3.6.1.4.1.77.1.2.25

onesixtyone 1.1.1.1 public

If the scan returns nothing, use the following command with a dictionary of community strings:

onesixtyone -c dict.txt -i hosts -o my.log -w 100    (hosts is a file listing the target hosts)

onesixtyone -c dict.txt 1.1.1.1 -o my.log -w 100

snmpwalk -c public -v 2c 1.1.1.1

(-v is the SNMP version; v2c is the one most commonly used)

snmpwalk -c public -v 2c 1.1.1.1 1.3.6.1.4.1.77.1.2.25

(Query the given OID on the target host; this one lists the system's current user accounts)

snmpcheck -t 192.168.1.133

snmpcheck -t 192.168.1.133 -c private -v 2

snmpcheck -t 192.168.1.133 -w
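A parser for the output of the snmpwalk query above, as an added example that is not part of the original notes. It shows how the MIB tree numbering works in practice: under the user-table column 1.3.6.1.4.1.77.1.2.25.1.1 each row's OID suffix is a length-prefixed list of character codes that spells the account name, so the name can be decoded from the OID itself and cross-checked against the STRING value. The snmpwalk lines are constructed sample output, not a real capture; lines with other OIDs or "No Such Object" answers are skipped.

```python
import re

# svUserName column of the Windows user table (the OID used in the notes above).
USER_TABLE_COLUMN = "1.3.6.1.4.1.77.1.2.25.1.1"

# snmpwalk prints OIDs as "iso...." without MIBs and "SNMPv2-SMI::enterprises...." with them.
PREFIXES = {
    "iso.": "1.",
    "SNMPv2-SMI::enterprises.": "1.3.6.1.4.1.",
}

# One result line: <oid> = <TYPE>: <value>
LINE_RE = re.compile(r"^(?P<oid>\S+)\s*=\s*(?P<type>[A-Za-z0-9-]+):\s*(?P<value>.*)$")


def normalize_oid(oid):
    """Rewrite snmpwalk's symbolic prefixes into a plain numeric dotted OID."""
    for prefix, numeric in PREFIXES.items():
        if oid.startswith(prefix):
            return numeric + oid[len(prefix):]
    return oid.lstrip(".")


def parse_snmpwalk_line(line):
    """Return (numeric_oid, type, value) or None for lines that are not results."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    value = match.group("value").strip()
    if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
        value = value[1:-1]
    return normalize_oid(match.group("oid")), match.group("type"), value


def decode_string_index(suffix):
    """Decode a length-prefixed OCTET STRING table index, e.g. '5.71.117.101.115.116' -> 'Guest'."""
    parts = [int(p) for p in suffix.split(".") if p]
    if not parts:
        return None
    length, octets = parts[0], parts[1:]
    if length != len(octets) or any(not 0 <= o <= 255 for o in octets):
        return None
    return bytes(octets).decode("latin-1")


def extract_user_names(lines):
    """List the account names found under the user-table column.

    Each entry records the STRING value and whether the name decoded from the
    OID index agrees with it (a mismatch means the output is malformed).
    """
    users = []
    for line in lines:
        parsed = parse_snmpwalk_line(line)
        if parsed is None:
            continue
        oid, _vtype, value = parsed
        if not oid.startswith(USER_TABLE_COLUMN + "."):
            continue
        index_name = decode_string_index(oid[len(USER_TABLE_COLUMN) + 1:])
        users.append({"name": value, "index_matches": index_name == value})
    return users


# Constructed sample snmpwalk output (not from a real host).
SAMPLE_WALK = [
    'iso.3.6.1.2.1.1.1.0 = STRING: "Hardware: x86 Family 6"',
    'iso.3.6.1.4.1.77.1.2.25.1.1.5.71.117.101.115.116 = STRING: "Guest"',
    'iso.3.6.1.4.1.77.1.2.25.1.1.13.65.100.109.105.110.105.115.116.114.97.116.111.114 = STRING: "Administrator"',
    'iso.3.6.1.4.1.77.1.2.25.1.1.3.98.111.98 = STRING: "bob"',
    'iso.3.6.1.4.1.77.1.2.26 = No Such Object available on this agent at this OID',
]

if __name__ == "__main__":
    for user in extract_user_names(SAMPLE_WALK):
        print(user)
```

Seeing your own account list come back from an unauthenticated walk with the "public" community string is the quickest way to confirm the misconfiguration the notes warn about; the fix on the host side is to drop the default community strings and restrict which addresses may query the agent.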


Today I learned some penetration-testing techniques online, but I wrote them all down on paper; I wanted to copy them to the computer but had no time, so that will have to wait until tomorrow.


This article is from the "Xiao Yu" blog; please keep this source: http://791120766.blog.51cto.com/10836248/1766045

