2. The communication string of 2.SNMP mainly includes two kinds of commands: GET command and SET command.
The 1)get command reads data from the device, which are usually operating parameters, such as connection status and interface name.
2) The set command allows you to set some parameters of the device, which are generally limited, such as closing a network interface and modifying router parameters.
3) Obviously, GET and SET commands may be used for denial of service attacks (DoS) and malicious modification of network parameters.
As can be seen from the SNMP service mentioned above, SNMP is a treasure house of information for penetration testers. Once this service agreement is used, most of the configuration information of the target will be exposed, which is fatal to the enterprise. To take advantage of the weakness of this protocol, only the server administrator needs to lack security awareness to make some default configurations.
Common attack scenarios:
1, SNMP- check
A.snmp-check supports attacks on devices with snmp services, such as windows, Unix-like devices, network devices and printers.
B. Attack principle: snmp-check detects the target by sending various predefined OIDs and collects the snmp management information of the target.
C basic syntax: SNMP-check192.168.1.109-cpublic-v2c.
2.snmpwalk or snmpget
Under kali, you can use snmpwalk or snmpget command to exchange data with snmp host.