```
Nmap done: 1 IP address (1 host up) scanned in 7.74 seconds
nmap -p 22,80 -sCV 10.10.11.136
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.41 ((Ubuntu))
|_http-server-header: Apache/2.4.41 (Ubuntu)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Nmap done: 1 IP address (1 host up) scanned in 9.97 seconds
```

Based on the OpenSSH and Apache versions, the host is likely running Ubuntu 20.04 focal.

I'll also scan for top UDP ports, and find one, SNMP.

```
feroxbuster -u
Wordlist │ /usr/share/seclists/Discovery/Web-Content/raft-medium-directories.txt
Press [ENTER] to use the Scan Management Menu™
```

Given the mention of panda.htb, I'll fuzz for subdomains using wfuzz. The default case seems to be 33560 characters, so I'll add `--hh 33560` to the

```
wfuzz -u -H "Host: " -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt --hh 33560
```

Simple Network Management Protocol (SNMP) is a protocol for managing and sharing information about devices across the internet. The most recent version is version 3, which was released in 2004, and yet, version 2 is probably the most common in use on the internet. There isn't too much in the way of authentication in v2, as most instances use the string "public", so it's not uncommon to be able to just dump a ton of data about a device with access to UDP 161.

I'll run snmpwalk (`apt install snmp snmp-mibs-downloader`, see Sneaky for details), and it generates a lot of information:

```
HOST-RESOURCES-MIB::hrSWRunName.1 = STRING: "systemd"
HOST-RESOURCES-MIB::hrSWRunName.2 = STRING: "kthreadd"
HOST-RESOURCES-MIB::hrSWRunName.3 = STRING: "rcu_gp"
HOST-RESOURCES-MIB::hrSWRunName.4 = STRING: "rcu_par_gp"
HOST-RESOURCES-MIB::hrSWRunName.6 = STRING: "kworker/0:0H-kblockd"
HOST-RESOURCES-MIB::hrSWRunName.9 = STRING: "mm_percpu_wq"
HOST-RESOURCES-MIB::hrSWRunName.10 = STRING: "ksoftirqd/0"
HOST-RESOURCES-MIB::hrSWRunName.11 = STRING: "rcu_sched"
HOST-RESOURCES-MIB::hrSWRunName.12 = STRING: "migration/0"
HOST-RESOURCES-MIB::hrSWRunName.13 = STRING: "idle_inject/0"
HOST-RESOURCES-MIB::hrSWRunName.14 = STRING: "cpuhp/0"
HOST-RESOURCES-MIB::hrSWRunName.15 = STRING: "cpuhp/1"
HOST-RESOURCES-MIB::hrSWRunName.16 = STRING: "idle_inject/1"
HOST-RESOURCES-MIB::hrSWRunName.17 = STRING: "migration/1"
HOST-RESOURCES-MIB::hrSWRunName.18 = STRING: "ksoftirqd/1"
HOST-RESOURCES-MIB::hrSWRunName.20 = STRING: "kworker/1:0H-kblockd"
HOST-RESOURCES-MIB::hrSWRunName.21 = STRING: "kdevtmpfs"
HOST-RESOURCES-MIB::hrSWRunName.22 = STRING: "netns"
HOST-RESOURCES-MIB::hrSWRunName.23 = STRING: "rcu_tasks_kthre"
HOST-RESOURCES-MIB::hrSWRunName.24 = STRING: "kauditd"
```

There's also information about the path each process is running from.

```python
import re
import sys
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Process:
    """Process read from SNMP"""
    pid: int
    proc: str
    args: str = ""

    def __str__(self) -> str:
        # The format string is cut off on the page; this layout is a stand-in.
        return f"{self.pid:<6} {self.proc} {self.args}"


# The page does not show where `data` comes from; here it is read from the
# saved snmpwalk output named on the command line.
with open(sys.argv[1]) as f:
    data = f.read()

processes = {}

# One Process per hrSWRunName entry, keyed by the index (the PID).
for match in re.findall(r'HOST-RESOURCES-MIB::hrSWRunName\.(\d+) = STRING: "(.+)"', data):
    processes[match[0]] = Process(int(match[0]), match[1])

# Attach command-line arguments to the matching process.
for match in re.findall(r'HOST-RESOURCES-MIB::hrSWRunParameters\.(\d+) = STRING: "(.+)"', data):
    if match[0] in processes:
        processes[match[0]].args = match[1]

for process in processes.values():
    print(process)
```

I'm making use of a Python dataclass to easily store information about each process, and format how I'll print it. With a dataclass, I don't have to define the `__init__` function, but rather just define the parameters of the class that will be set at init. The `__str__` function shows how an object of this class is converted to a string, which happens when I print it.
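The SNMP discussion above turns on v2 agents that answer to the community string "public" and hand over the process table to anyone who can reach UDP 161. As an added example (not code from the original post), this audits a Net-SNMP `snmpd.conf` for that condition; it assumes the agent is Net-SNMP's `snmpd`, and the sample config and the function name `audit_snmpd_conf` are constructed for illustration.

```python
import shlex

DEFAULT_COMMUNITIES = {"public", "private"}       # well-known default strings
OPEN_SOURCES = {"default", "0.0.0.0/0", "::/0"}   # sources that allow any client
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

# Constructed sample config for the demo, not taken from the page.
SAMPLE_CONF = """\
agentaddress udp:161
rocommunity public   # left over from install
rocommunity m0n1t0r-ro 10.0.0.5 -V systemonly
rwcommunity private default
com2sec readonly default public
"""

def audit_snmpd_conf(text):
    """Return (line_no, directive, problem) for risky SNMPv1/v2c access lines."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        tokens = shlex.split(raw, comments=True)   # drops '#' comments
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        whole_tree = False
        if directive in COMMUNITY_DIRECTIVES and args:
            # rocommunity COMMUNITY [SOURCE [OID | -V VIEW]]
            community = args[0]
            source = args[1] if len(args) > 1 else "default"
            whole_tree = len(args) < 3
        elif directive == "com2sec":
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            args = args[2:] if args[:1] == ["-Cn"] else args
            if len(args) < 3:
                continue
            source, community = args[1], args[2]
        else:
            continue
        checks = [
            (community.lower() in DEFAULT_COMMUNITIES, f"default community {community!r}"),
            (source in OPEN_SOURCES, "no source restriction"),
            (whole_tree, "no OID or view restriction"),
            (directive.startswith("rwcommunity"), "write access over v1/v2c"),
        ]
        findings += [(line_no, directive, msg) for hit, msg in checks if hit]
    return findings

if __name__ == "__main__":
    for line_no, directive, problem in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {line_no}: {directive}: {problem}")
```

A line that names a non-default community, a specific source address and a restricted view (line 3 of the sample) produces no findings.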