Exploits related to Network

Protocol

Dynamic Host Configuration Protocol (DHCP) Pentesting

FTP (File Transfer Protocol) Pentesting

IRC (Internet Relay Chat) Pentesting

Memcache Pentesting

Modbus Pentesting

NFS (Network File System) Pentesting

NTP (Network Time Protocol) Pentesting

RTSP (Real Time Streaming Protocol) Pentesting

Restricted Shell (rbash, rzsh) Bypass

SNMP (Simple Network Management Protocol) Pentesting

SSH (Secure Shell) Pentesting

TFTP (Trivial File Transfer Protocol) Pentesting

Telnet Pentesting

UPnP (Universal Plug and Play) Pentesting

VNC (Virtual Network Computing) Pentesting

WASTE Pentesting

Port Forwarding

Port Forwarding with Chisel

Port Forwarding with Plink

Port Forwarding with SSH

Port Forwarding with Socat

WiFi

Evil Twin Attack

MITM (Man in the Middle) Attack

WiFi Hacking

WiFi Password Recovery

Attack

Adobe PDF Attack

Anonymize Traffic with Tor

DoS/DDoS Attack

Evil Twin Attack

MAC Flooding Attack

MITM (Man in the Middle) Attack

Tool

Convert PuTTY Key to OpenSSH Key

Tshark

Wireshark

VPN

IPsec VPN Pentesting

OpenVPN Troubleshooting

Others

ARP (Address Resolution Protocol) Spoofing

Apache Hadoop Pentesting

EthernetIP Pentesting

FastCGI Pentesting

Firewall

Honeypots

MAC Flooding Attack

Network Traffic Analysis (NTA)

Networking

Rsync Pentesting

Tor

gRPC Pentesting

SNMP (Simple Network Management Protocol) Pentesting

Last modified: 2022-12-22

Network

SNMP is an internet standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. It uses UDP. A default port is 161.

Enumeration

nmap -sU --script snmp-info -p 161 <target-ip>
nmap -sU --script snmp-interfaces -p 161 <target-ip>
nmap -sU --script snmp-processes -p 161 <target-ip>
nmap -sU --script snmp-sysdescr -p 161 <target-ip>
nmap -sU --script snmp* -p 161 <target-ip>

Snmp-Check

Snmp-Check is SNMP enumerator.

# -c: community
# -p: port
snmp-check <target-ip> -p 161 -c public

If we found the community name, brute force it.

Brute Force the Community Names

hydra -P /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt <target-ip> snmp

onesixtyone -c /usr/share/seclists/Discovery/SNMP/snmp.txt <target-ip>

Tools by HDKS

Automatic web fuzzer.

Auto reconnaissance CLI.

Hash identifier.