Enumeration

Other Enumeration Item

There are also a couple of other items that we should keep an eye out for. One of them is SMB (Server Message Block) shares. Remember, SMB is a network file-sharing protocol that is normally used within a Windows environment. SMB allows users to access files and other resources (for example, printers) on remote systems over the network. The second item that we should look to enumerate is SNMP (Simple Network Management Protocol) enabled devices. SNMP is used to manage and monitor networking devices. If a device is SNMP enabled, we might be able to gather additional information, monitor how it is performing, or even change its configuration. If you are not familiar with SNMP, it uses something called an OID (Object Identifier), which is a unique numerical identifier within a MIB (Management Information Base). The OID is a tree-like hierarchy, and each numerical value is separated by a dot. For example, .1.3.6.1.2.1.17.7.1.4.3.1.3 would provide you with the VLAN status on Cisco devices.

Metasploit Basics

This is a simple introduction to Metasploit. I highly recommend that you get familiar with this tool. It is extremely powerful and we will learn more about it soon!  

SMB Shares

SMB shares can provide a great deal of information; recall that they allow remote access to files! When looking at SMB-enabled devices, you want to look for shares that are misconfigured or improperly secured. Accessing an SMB share could allow lateral movement (finding other connected systems, escalating your privilege level, etc.). You could also download the documents, view their metadata, and learn about other employees or systems on the network.


View the demo to see how to search for and access SMB shares using Kali Linux. Do not worry about how I used the Metasploit console or how to use it yourself; we will dive deep into using it later.

OID Tree Example.

OID Tree

The SNMP OID (Object Identifier) is a hierarchical tree structure. It is used to organize the objects in SNMP, and it also provides the ability to navigate to and reference specific elements. We start at the root, also called iso, and from there it branches out into various categories.
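To make the tree structure described here and in the first section concrete, the following is an added Python example (not part of the course material or its demo). It loads constructed snmpwalk-style lines into an OID tree, names the standard arcs from iso down to mib-2 and enterprises, and lists everything stored under a chosen prefix such as the system group .1.3.6.1.2.1.1; the device values are made up.

```python
# Standard names for the arcs from the root down to mib-2 and enterprises.
ARC_NAMES = {(1,): "iso", (1, 3): "org", (1, 3, 6): "dod", (1, 3, 6, 1): "internet",
             (1, 3, 6, 1, 2): "mgmt", (1, 3, 6, 1, 2, 1): "mib-2",
             (1, 3, 6, 1, 4): "private", (1, 3, 6, 1, 4, 1): "enterprises"}

# Constructed sample output in snmpwalk's print format (not from a real device).
SAMPLE_WALK = """\
.1.3.6.1.2.1.1.1.0 = STRING: "Example router, firmware 1.2.3"
.1.3.6.1.2.1.1.5.0 = STRING: "core-rtr-01"
.1.3.6.1.2.1.2.1.0 = INTEGER: 4
"""

def parse_oid(text):  # '.1.3.6.1' (leading dot optional) -> (1, 3, 6, 1)
    return tuple(int(part) for part in text.strip().strip(".").split("."))

def oid_name(oid):
    """Name each arc the SMI defines (iso.org.dod...); keep the number otherwise."""
    return ".".join(ARC_NAMES.get(oid[:i + 1], str(n)) for i, n in enumerate(oid))

class OidTree:
    """Each node maps a child arc number to a node; a node holding a value is a leaf."""
    def __init__(self):
        self.children, self.value = {}, None

    def insert(self, oid, value):
        node = self
        for arc in oid:                      # descend, creating missing arcs
            node = node.children.setdefault(arc, OidTree())
        node.value = value

    def walk(self, prefix):  # every (oid, value) at or below prefix, in OID order
        node = self
        for arc in prefix:                   # absent prefix -> empty node -> []
            node = node.children.get(arc, OidTree())
        return node._collect(prefix)

    def _collect(self, path):
        out = [(path, self.value)] if self.value is not None else []
        for arc in sorted(self.children):    # numeric order of sibling arcs
            out.extend(self.children[arc]._collect(path + (arc,)))
        return out

def parse_walk(text):  # load 'OID = TYPE: value' lines into an OidTree
    tree = OidTree()
    for line in text.splitlines():
        oid_text, sep, value = line.partition(" = ")
        if sep:                              # skip blank or malformed lines
            tree.insert(parse_oid(oid_text), value)
    return tree
```

Running `parse_walk(SAMPLE_WALK).walk(parse_oid(".1.3.6.1.2.1.1"))` returns only the two system-group entries, while a prefix that is not in the tree returns an empty list.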

SNMP

Simple Network Management Protocol (SNMP) is an important protocol to consider when enumerating devices, as it can provide a great deal of information about various networking devices (routers, switches, printers). Using SNMP, you might be able to identify the version of software or firmware in use, which could allow you to look for known vulnerabilities. SNMP can give a pentester the ability to learn valuable information, identify vulnerabilities, assess configurations, and uncover potential security weaknesses in a network device.


View the demo to see how to use snmpwalk and how we can leverage SNMP in our testing.