Network Vulnerabilities: SNMP, SMTP, and FTP - Paiet/SEC-335 GitHub Wiki

SNMP exploits
- Scan for SNMP
  - nmap -sU -A -T4 -n -p 161 10.0.0.228
    - Look at nmap .nse scripts for SNMP
      - find / -name snmp*.nse 2>/dev/null
- Quick enumeration
  - onesixtyone 10.0.0.228 community
- Deep enumeration
  - snmpwalk -c community -v1 10.0.0.228
    - Refine search with specific MIBs
      - Windows user enum
        
        snmpwalk -c community -v1 10.0.0.228 1.3.6.1.4.1.77.1.2.25
- Metasploit
  - auxiliary/scanner/snmp/snmp_enum module
SMTP exploits
- Server to server communication is plain text...typically
- Spoof Email for Social Engineering attack
- Banner grabbing
- Enumerate users
  - VRFY
  - EXPN
FTP exploits
- Sniffing clear text
- Anonymous login
  - Read/Write
    - Allows for file upload
      - Maybe Dir Traversal
- Bounce attacks
- DoS