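1. Vulnerability report
2. Vulnerability overview
SNMP is a standard protocol designed specifically for managing network nodes (servers, workstations, routers, switches, hubs and so on) on IP networks; it is an application-layer protocol. SNMP lets network administrators manage network performance, find and resolve network problems, and plan for network growth. By receiving unsolicited messages (event reports) over SNMP, the network management system learns that something has gone wrong on the network.
The default SNMP community string is public, which is the default weak password for SNMP.
3. Vulnerability impact
4. Vulnerability detection
4.1 Detection with Nmap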
--------------------------------------------------------------------------------------
# Enumerate running processes via SNMP.
nmap -script="snmp-processes" -sU -p 161 192.168.56.129
--------------------------------------------------------------------------------------
# Extract system information via SNMP.
nmap -script="snmp-sysdescr" -sU -p 161 192.168.56.129
--------------------------------------------------------------------------------------
# Get netstat-like output via SNMP.
nmap -script="snmp-netstat" -sU -p 161 192.168.56.129
--------------------------------------------------------------------------------------
# Get the network interfaces via SNMP.
C:\Users\KonLaLe>nmap -script="snmp-interfaces" -sU -p 161 192.168.56.129
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-03 06:12 ?D1ú±ê×?ê±??
Nmap scan report for 192.168.56.129
Host is up (0.00s latency).
PORT STATE SERVICE
161/udp open snmp
| snmp-interfaces:
| lo
| IP address: 127.0.0.1 Netmask: 255.0.0.0
| Type: softwareLoopback Speed: 10 Mbps
| Status: up
| Traffic stats: 57.10 Kb sent, 57.10 Kb received
| eth0
| IP address: 192.168.56.129 Netmask: 255.255.255.0
| MAC address: 00:0c:29:3e:ba:70 (VMware)
| Type: ethernetCsmacd Speed: 10 Mbps
| Status: up
|_ Traffic stats: 296.04 Kb sent, 513.20 Kb received
MAC Address: 00:0C:29:3E:BA:70 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 2.21 seconds
--------------------------------------------------------------------------------------
4.2 Detection with snmpwalk
--------------------------------------------------------------------------------------
## Get system information
root@kali:~# snmpwalk -v 2c -c public 192.168.56.129 .1.3.6.1.2.1.1.1.0
iso.3.6.1.2.1.1.1.0 = STRING: "Linux bee-box 2.6.24-16-generic #1 SMP Thu Apr 10 13:23:42 UTC 2008 i686"
--------------------------------------------------------------------------------------
## Get IP information
root@kali:~# snmpwalk -v 2c -c public 192.168.56.129 .1.3.6.1.2.1.4.20
iso.3.6.1.2.1.4.20.1.1.127.0.0.1 = IpAddress: 127.0.0.1
iso.3.6.1.2.1.4.20.1.1.192.168.56.129 = IpAddress: 192.168.56.129
iso.3.6.1.2.1.4.20.1.2.127.0.0.1 = INTEGER: 1
iso.3.6.1.2.1.4.20.1.2.192.168.56.129 = INTEGER: 2
iso.3.6.1.2.1.4.20.1.3.127.0.0.1 = IpAddress: 255.0.0.0
iso.3.6.1.2.1.4.20.1.3.192.168.56.129 = IpAddress: 255.255.255.0
iso.3.6.1.2.1.4.20.1.4.127.0.0.1 = INTEGER: 0
iso.3.6.1.2.1.4.20.1.4.192.168.56.129 = INTEGER: 1
--------------------------------------------------------------------------------------
## Get the number of system users
root@kali:~# snmpwalk -v 2c -c public 192.168.56.129 .1.3.6.1.2.1.25.1.5
iso.3.6.1.2.1.25.1.5.0 = Gauge32: 3
--------------------------------------------------------------------------------------
## Get the current system processes
root@kali:~# snmpwalk -v 2c -c public 192.168.56.129 .1.3.6.1.2.1.25.4.2.1.2
iso.3.6.1.2.1.25.4.2.1.2.1 = STRING: "init"
iso.3.6.1.2.1.25.4.2.1.2.2 = STRING: "kthreadd"
iso.3.6.1.2.1.25.4.2.1.2.3 = STRING: "migration/0"
iso.3.6.1.2.1.25.4.2.1.2.4 = STRING: "ksoftirqd/0"
--------------------------------------------------------------------------------------
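Added example (not part of the original write-up): the .1.3.6.1.2.1.4.20 walk above is printed column by column, so each address appears four times. This Python script pivots that output into one record per address, showing exactly what anyone who knows the public community string can read; the function and field names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Columns of ipAddrEntry (RFC 1213 ipAddrTable), under .1.3.6.1.2.1.4.20.1
COLUMNS = {1: "address", 2: "if_index", 3: "netmask", 4: "bcast_lsb"}

# Matches numeric-OID snmpwalk lines such as:
#   iso.3.6.1.2.1.4.20.1.3.192.168.56.129 = IpAddress: 255.255.255.0
LINE_RE = re.compile(
    r"^(?:iso|\.1)\.3\.6\.1\.2\.1\.4\.20\.1\.(\d+)\.(\d+\.\d+\.\d+\.\d+)"
    r" = (\w+): (.+)$"
)

# Output copied from the snmpwalk run shown on this page.
SAMPLE = """\
iso.3.6.1.2.1.4.20.1.1.127.0.0.1 = IpAddress: 127.0.0.1
iso.3.6.1.2.1.4.20.1.1.192.168.56.129 = IpAddress: 192.168.56.129
iso.3.6.1.2.1.4.20.1.2.127.0.0.1 = INTEGER: 1
iso.3.6.1.2.1.4.20.1.2.192.168.56.129 = INTEGER: 2
iso.3.6.1.2.1.4.20.1.3.127.0.0.1 = IpAddress: 255.0.0.0
iso.3.6.1.2.1.4.20.1.3.192.168.56.129 = IpAddress: 255.255.255.0
iso.3.6.1.2.1.4.20.1.4.127.0.0.1 = INTEGER: 0
iso.3.6.1.2.1.4.20.1.4.192.168.56.129 = INTEGER: 1
"""

def parse_ip_addr_table(text):
    """Pivot column-major snmpwalk output into one dict per IP address row."""
    rows = defaultdict(dict)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an ipAddrEntry line
        column, index, value_type, value = m.groups()
        name = COLUMNS.get(int(column))
        if name is None:
            continue  # columns outside 1-4 are not decoded here
        rows[index][name] = int(value) if value_type == "INTEGER" else value
    return dict(rows)

def prefix_length(netmask):
    """Convert a dotted (contiguous) netmask to a CIDR prefix length."""
    return sum(f"{int(octet):08b}".count("1") for octet in netmask.split("."))

if __name__ == "__main__":
    for row in parse_ip_addr_table(SAMPLE).values():
        print(f"{row['address']}/{prefix_length(row['netmask'])} "
              f"on ifIndex {row['if_index']}")
```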
5. Vulnerability remediation
λ nmap -script="snmp-interfaces" -sU -p 161 192.168.56.129
Starting Nmap 7.80 ( https://nmap.org ) at 2019-10-03 06:53 ?D1ú±ê×?ê±??
Nmap scan report for 192.168.56.129
Host is up (0.0010s latency).
PORT STATE SERVICE
161/udp open snmp
MAC Address: 00:0C:29:3E:BA:70 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 7.39 seconds