๐Ÿฆธ
PEN TESTING BOOK
  • ๐Ÿ“˜PENETRATION TESTING BOOK
  • โ˜ฎ๏ธPENTESTING PROCESS
    • 1๏ธโƒฃPre-Engagement
    • 2๏ธโƒฃIntelligence Gathering / Reconnaissance
    • 3๏ธโƒฃThreat Modeling
    • 4๏ธโƒฃVulnerability Assessment
    • 5๏ธโƒฃExploitation
    • 6๏ธโƒฃPost-Exploitation
    • 7๏ธโƒฃReporting
  • ๐ŸชŸWindows Privilege Escalation
    • ๐Ÿ› ๏ธWindows Exploit Suggester
    • ๐Ÿ„โ€โ™‚๏ธWindows-Privilege-Escalation
  • ๐ŸงLinux Privilege Escalation
    • ๐Ÿ„โ€โ™€๏ธLInux-Privilege-Escalation
  • ๐ŸงLinux Exploit Development Tools
    • ๐Ÿ”งExploit Development Tools
  • ๐Ÿ•ธ๏ธWeb Application Pentesting
    • ๐Ÿ“ˆgraphql injection
    • ๐Ÿฑcross site scripting
    • ๐Ÿ’‰Command Injection
    • ๐Ÿ—ƒ๏ธfile upload vulnerability
    • ๐Ÿถflask
    • ๐Ÿฆ•idor
    • ๐Ÿ“‚local file inclusion
    • ๐Ÿš›Sensitive Data Exposure Cheat Sheet
    • ๐Ÿดwordpress pentesting
    • โŒxxe attack
    • ๐Ÿ”“Authentication Bypass
    • ๐Ÿ•ธ๏ธWebshells
    • ๐Ÿ‚SSRF
    • ๐Ÿˆโ€โฌ›Git Exposure
    • โœ–๏ธXSS WAF Bypass
    • XPath Injection
  • ๐Ÿ”Reverse Engineering
    • ๐Ÿฒintro to ghidra
  • ๐Ÿฆนโ€โ™‚๏ธNetwork Pentesting 101
    • โ˜ข๏ธRouter Setup
      • Vyatta Router VM Setup Guide
    • ๐Ÿ”ขEnumeration
      • 22, 161, 162 - SSH, SNMP
    • ๐Ÿง™Brute Force Attacks
      • Brute Forcing Cheat sheet
    • ๐Ÿ›‚Post Exploitation
    • Firewall Pentesting
  • ๐Ÿ”…Internet of Things
    • ๐Ÿ“ณEnumerating IoT Devices
    • ๐Ÿ˜ทDissecting Embedded Devices
    • ๐Ÿ‘จโ€๐Ÿ’ปExploiting Embedded Devices
    • ๐ŸŽฎDynamic Analysis with Emulation
    • โ˜ฎ๏ธFirmware Analysis
      • Firmware Analysis
      • Bootloader testing
    • Drone Pentesting
      • Common Attacks
      • Threat Categories
    • Hacking Vending Machines
  • ๐Ÿš”Automotive Pentesting
    • ๐Ÿ”ŒVirtual CAN
      • Dump Traffic
  • ๐Ÿ—ณ๏ธContainer Pentesting
    • ๐Ÿณdocker pentesting
    • ๐Ÿ‹docker container escape
    • ๐Ÿ‹Docker CVE's
    • โ˜ธ๏ธkubernetes pentesting
  • ๐ŸŒ†SMART CITY PENTESTING
    • โ™พ๏ธProtocols
      • LoRa-WAN
  • ๐ŸชฆACTIVE DIRECTORY PENTESTING
    • ๐ŸŒŒActive Directory Post Exploitation
  • โ˜„๏ธCommand and Control
    • ๐ŸŒฉ๏ธC2 In The Cloud
    • ๐Ÿ”C2 HTTP Redictor
    • โ˜ธ๏ธHavoc C2
    • โ›ŽSliver C2
    • ๐Ÿฆ„Mythic C2
  • ๐Ÿฆ‹PENTESTING CISCO DEVICES
    • ๐Ÿ”ฆCisco-Torch : Enumeration
    • ๐Ÿ”“Password Attack (Type 5)
  • RED TEAMING
    • ๐Ÿฆ•Initial Access
      • โš”๏ธWeaponization
    • ๐Ÿ”ฅFrameworks
      • Atomic Red Team
      • MITRE Caldera
Powered by GitBook
On this page
  • Port 22 - SSH
  • Nmap Scripts
  • Metasploit Modules
  • Port 161,162 - SNMP
  • Nmap Scripts
  • snmpwalk
  • snmpset
  • snmpget

Was this helpful?

  1. Network Pentesting 101
  2. Enumeration

22, 161, 162 - SSH, SNMP

Port 22 - SSH

nmap -v -n -Pn -p22 <IP Address>

nmap -v -n -Pn -p22 -sV <IP Address>

nmap -v -n -Pn -p22 -sC <IP Address>

nmap -v -n -Pn -p22 --script ssh2-enum-algos <IP Address>

Nmap Scripts

locate .nse | grep ssh

/usr/share/nmap/scripts/ssh-auth-methods.nse
/usr/share/nmap/scripts/ssh-brute.nse
/usr/share/nmap/scripts/ssh-hostkey.nse
/usr/share/nmap/scripts/ssh-publickey-acceptance.nse
/usr/share/nmap/scripts/ssh-run.nse
/usr/share/nmap/scripts/ssh2-enum-algos.nse
/usr/share/nmap/scripts/sshv1.nse
nmap -v -n -Pn -p22 --script ssh-brute --script-args userdb=<username-list>,passdb=<password-file> <Target IP>

Metasploit Modules

auxiliary/scanner/ssh/ssh_login

Port 161,162 - SNMP

# Snmp Port Open or Not
sudo nmap -n -Pn -sU -p161 192.168.56.2

# Default Script Scan
sudo nmap -n -Pn -sU -p161 -sC 192.168.56.2

# Brute force community string
sudo nmap -n -Pn -sU -p161 --script snmp-brute 192.168.56.2 --script-args snmp-brute.communitiesDB=<dictionary location>

# Metasploit Module
auxiliary/scanner/snmp/snmp_enum
auxiliary/scanner/snmp/snmp_enumusers
auxiliary/scanner/snmp/snmp_login

Nmap Scripts

locate .nse | grep snmp
/usr/share/nmap/scripts/snmp-brute.nse
/usr/share/nmap/scripts/snmp-hh3c-logins.nse
/usr/share/nmap/scripts/snmp-info.nse
/usr/share/nmap/scripts/snmp-interfaces.nse
/usr/share/nmap/scripts/snmp-ios-config.nse
/usr/share/nmap/scripts/snmp-netstat.nse
/usr/share/nmap/scripts/snmp-processes.nse
/usr/share/nmap/scripts/snmp-sysdescr.nse
/usr/share/nmap/scripts/snmp-win32-services.nse
/usr/share/nmap/scripts/snmp-win32-shares.nse
/usr/share/nmap/scripts/snmp-win32-software.nse
/usr/share/nmap/scripts/snmp-win32-users.nse

snmpwalk

snmpwalk -v1 -c public 192.168.56.2

snmpset

snmpset -v1 -c private 192.168.56.2 iso.3.6.1.2.1.1.1.0 s hacked

snmpget

snmpget -v1 -c private 192.168.56.2 iso.3.6.1.2.1.1.1.0
PreviousEnumerationNextBrute Force Attacks

Was this helpful?

๐Ÿฆนโ€โ™‚๏ธ
๐Ÿ”ข