In this
article, we will learn how to gain control over our victim’s SNMP service.
There are various ways to do it and let take time and learn all those because
different circumstances call for different measure.
Hydra
Hydra is
often the tool of choice. It can perform rapid dictionary attacks against more
than 50 protocols, including telnet, ftp, http, https, smb, several databases,
and much more
Now, we
need to choose a wordlist. As with any dictionary attack, the wordlist is key.
Kali has numerous wordlists built right in.
Run the
following command
hydra -P /root/Desktop/pass.txt 192.168.1.125
snmp
-P: denotes path for password list
Once the
commands are executed it will start applying the dictionary attack and so you will
have the right username and password in no time. As you can observe that we had
successfully grabbed the SNMP password as ignite123.
xHydra
This is the
graphical version to apply dictionary attack via SNMP port to hack a system.
For this method to work:
Open xHydra
in your kali. And select Single Target option and their give the IP of your victim PC. And select SNMP in box against Protocol option and
give the port number 161 against the
port option.
Now, go to
Passwords tab and in Username section check the box adjacent to Protocol
doesn’t require username.
Then select
Password List and give the path of your text file, which contains all the
passwords, in the box adjacent to it.
Now go to
the specific Tab and in the SNMP and
clear the data written in the text box below the SNMP as shown in the given
screenshot.
When you will clear all entries it will look
like as shown in next image given below.
After doing
this, go to Start tab and click on Start
button on the left.
Now, the
process of dictionary attack will start. Thus, you will attain the password of
your victim.
As you can
see that we have the password ignite123
cracked.
Medusa
Medusa is
intended to be a speedy, massively parallel, modular, login brute-forcer. It
supports many protocols: AFP, CVS, FTP, HTTP, IMAP, rlogin, SSH, SNMP, and VNC
to name a few
Run the
following command
medusa -M snmp –h 192.168.1.125 –u ignite –P
/root/Desktop/pass.txt
Here
-h: denotes host IP
-u: denote a particular user
But Brute forcing
SNMP doesn’t require username but medusa doesn’t work without a proper syntax,
you can use any username of your choice
-P: denotes path for password list
As you can
observe that we had successfully grabbed the SNMP password as ignite123.
Metasploit
This module
will test SNMP logins on a range of machines and report successful logins. If
you have loaded a database plugin and connected to a database this module will
record successful logins and hosts so you can track your access.
Open Kali
terminal type msfconsole
Now type use auxiliary/scanner/snmp/snmp_login
msf auxiliary(scanner/snmp/snmp_login)>
set rhosts 192.168.1.125 (IP of Remote Host)
msf auxiliary(scanner/snmp/snmp_login)>
set pass_file /root/Desktop/pass.txt
msf auxiliary(scanner/snmp/snmp_login)>
set stop_on_success true
msf auxiliary(scanner/snmp/snmp_login)>
run
From given below image you can observe that we
had successfully grabbed the SNMP password.
Nmap
We can also
crack the snmp password using nmap, execute given below command.
nmap –sU –p 161 –n --script snmp-brute
192.168.1.125 --script-args snmp-brute.communitiesdb=/root/Desktop/pass.txt
As you can
see above that we have the password cracked as ignite123.
Onesixtyone
Onesixtyone
is an SNMP scanner that sends multiple SNMP requests to multiple IP addresses,
trying different community strings and waiting for replies.
onesixtyone 192.168.1.125 –c
/root/Desktop/pass.txt
As you can
see above that we have the password cracked as ignite123 using onesixtyone
0 comments:
Post a Comment