Vulnerability Assessment of SNMP Service – I
Source: Internet | Editor: 程序博客网 | Time: 2024/05/22 06:19
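Background:
I plan to write a series of articles on vulnerability assessment of the SNMP service, and this is the first. SNMP stands for Simple Network Management Protocol. It is a protocol used mainly to manage network devices. As the name suggests, its main purpose is to help administrators manage network devices and monitor the devices that are up.
In this article we show how to set up an SNMP-enabled device, one that can be attacked to obtain valuable information, so that we can learn how to assess SNMP devices for security vulnerabilities.
Why SNMP?
SNMP is a common protocol, available on many operating systems such as Windows Server, Linux and Unix, and on network devices (routers, switches). An SNMP service can return a great deal of valuable information, for example details of the target network device and operating system, and even user names, system uptime, system name and so on.
Objective:
The purpose of this article is mainly to describe how to install the SNMP service. It covers each step of the installation. A Debian virtual machine running in VirtualBox is used.
Target audience:
Anyone who wants to learn SNMP vulnerability assessment will find this article useful. However, it assumes some grounding in Linux: how to use the terminal and how to get the machine onto the network. Readers unfamiliar with these should study them before reading on.
Scope:
This article does not cover general terminal usage, does not explain the meaning of every SNMP configuration option in detail, and does not discuss how to install a virtual machine.
Configuring SNMP:
Check that the host is connected to the network
Install snmpd and modify the default configuration
1. Check that the host is connected to the network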
root@ruby:/home/get# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:10:01:c9
          inet addr:192.168.1.105  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe10:1c9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:28 errors:0 dropped:0 overruns:0 frame:0
          TX packets:60 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5182 (5.0 KiB)  TX bytes:11039 (10.7 KiB)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:560 (560.0 B)  TX bytes:560 (560.0 B)
root@ruby:/home/get# ping -c4 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_req=2 ttl=37 time=191 ms
64 bytes from 8.8.8.8: icmp_req=3 ttl=37 time=191 ms
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 2 received, 50% packet loss, time 3013ms
rtt min/avg/max/mdev = 191.764/191.772/191.781/0.438 ms
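If the host has no network connection, set the virtual machine's network adapter to "bridged" mode and assign an IP address manually. (Note that the operations in this article require root privileges.)
ifconfig eth0 down
ifconfig eth0 192.168.1.105 netmask 255.255.255.0
# the gw value must be the address of the router on your LAN; adjust it for your network
route add default gw 192.168.1.0
ifconfig eth0 up
ping -c4 8.8.8.8
2. Install snmpd and modify the default configuration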
root@ruby:/home/get# apt-get install snmpd
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  snmpd
0 upgraded, 1 newly installed, 0 to remove and 1053 not upgraded.
Need to get 963 kB of archives.
After this operation, 1,124 kB of additional disk space will be used.
Get:1 http://http.debian.net/debian/ wheezy/main snmpd i386 5.4.3~dfsg-2.8 [963 kB]
Fetched 963 kB in 3s (313 kB/s)
Preconfiguring packages ...
Selecting previously deselected package snmpd.
(Reading database ... 127364 files and directories currently installed.)
Unpacking snmpd (from .../snmpd_5.4.3~dfsg-2.8_i386.deb) ...
Processing triggers for man-db ...
Setting up snmpd (5.4.3~dfsg-2.8) ...
Starting network management services: snmpd.
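Once the SNMP service is installed, control returns to us and we can edit the configuration file. Without this step the service cannot be attacked remotely, because the default configuration listens on the local system only. The SNMP configuration files are located in the /etc/snmp/ directory: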
root@ruby:/home/get# ls /etc/snmp/
snmp.conf snmpd.conf snmptrapd.conf
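Edit the configuration file /etc/snmp/snmpd.conf so that hosts on the network can access the service. Comment out the line agentAddress udp:127.0.0.1:161. With no active agentAddress directive, snmpd falls back to its default of listening on UDP port 161 on all IPv4 interfaces.
#
# AGENT BEHAVIOUR
#
# Listen for connections from the local system only
# agentAddress udp:127.0.0.1:161
# Listen for connections on all interfaces (both IPv4 *and* IPv6)
#agentAddress udp:161,udp6:[::1]:161
After editing the configuration file, restart the service with /etc/init.d/snmpd restart. The configuration is now complete. Later articles in the series will show how to attack the SNMP service.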
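As an added example (not part of the original article), this shell function reads an snmpd.conf file and reports whether the agent is bound to loopback only or is reachable from the network, which is the setting the agentAddress edit changes. The function name snmpd_listen_scope and the sample file are constructed for illustration; the no-directive case assumes snmpd's default of UDP port 161 on all IPv4 interfaces.

```shell
#!/bin/sh
# Added example (not from the original article): report where snmpd will
# listen, based on the active agentAddress directives in an snmpd.conf file.
# snmpd_listen_scope is a hypothetical helper name.
# Prints: loopback-only | exposed | exposed-by-default
snmpd_listen_scope() {
    awk '
    { sub(/#.*/, "") }                      # drop comments, whole-line or trailing
    tolower($1) == "agentaddress" {
        sub(/^[ \t]*[^ \t]+[ \t]*/, "")     # remove the directive keyword
        n = split($0, specs, ",")           # comma-separated listening addresses
        for (i = 1; i <= n; i++) {
            s = specs[i]
            gsub(/[ \t]/, "", s)
            if (s == "") continue
            seen = 1
            sub(/^(udp6?|tcp6?):/, "", s)   # optional transport prefix
            # Loopback forms: 127.x.x.x, localhost, [::1], each with optional :port
            if (s ~ /^127\.[0-9.]+(:[0-9]+)?$/) continue
            if (s ~ /^localhost(:[0-9]+)?$/) continue
            if (s ~ /^\[::1\](:[0-9]+)?$/) continue
            exposed = 1                     # anything else is reachable off-host
        }
    }
    END {
        if (!seen) print "exposed-by-default"   # no directive: UDP 161, all IPv4
        else if (exposed) print "exposed"
        else print "loopback-only"
    }' "$1"
}

# Constructed sample: both agentAddress lines commented out, as in the article.
sample=$(mktemp)
printf '%s\n' '# agentAddress udp:127.0.0.1:161' \
              '#agentAddress udp:161,udp6:[::1]:161' > "$sample"
snmpd_listen_scope "$sample"    # prints exposed-by-default
rm -f "$sample"
```

Run it against /etc/snmp/snmpd.conf before and after the edit to confirm the change in listening scope; on a production host the expected result is loopback-only unless remote polling is intended.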
Reference:
http://resources.infosecinstitute.com/vulnerability-assessment-of-snmp-service-i/