EvilOctal Information Security Team Technical Discussion Group's Archiver

冰血封情 2004-10-6 03:38

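[Repost] SNMP-based information probing of 中国先锋网络科技

Author: Net2k
Note: this was already covered long ago in 冰血封情[EST]'s article "A Brief Discussion of the Prelude and Epilogue of Host Intrusion"; it is a technique from 2002.

Obtaining information about the programs running on the system: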
------------------------------------------------------------
Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1
Value = String System Idle Process

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.8
Value = String System

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.172
Value = String smss.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.196
Value = String winlogon.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.200
Value = String csrss.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.248
Value = String services.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.260
Value = String lsass.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.296
Value = String wuauclt.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.456
Value = String svchost.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.496
Value = String spoolsv.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.524
Value = String msdtc.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.656
Value = String DefWatch.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.676
Value = String tcpsvcs.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.692
Value = String svchost.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.720
Value = String llssrv.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.764
Value = String Rtvscan.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.872
Value = String hlds.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.924
Value = String nvsvc32.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.992
Value = String Explorer.EXE

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1000
Value = String regsvc.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1032
Value = String MSTask.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1072
Value = String snmp.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1092
Value = String ServUDaemon.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1104
Value = String SMAgent.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1140
Value = String WinMgmt.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1164
Value = String wins.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1176
Value = String svchost.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1196
Value = String xconfserver_t.e

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1228
Value = String Dfssvc.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1248
Value = String inetinfo.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1348
Value = String dns.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1568
Value = String vptray.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1580
Value = String internat.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1844
Value = String dllhost.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1952
Value = String dllhost.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.2060
Value = String mdm.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.2144
Value = String conime.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.2216
Value = String hlds.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.2336
Value = String hlds.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.2348
Value = String svchost.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.2424
Value = String hlds.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.2460
Value = String hlds.exe

End of MIB subtree.
------------------------------------------------------------

Obtaining system information:
------------------------------------------------------------
Variable = system.sysDescr.0
Value = String Hardware: x86 Family 15 Model 2 Stepping 9 AT/AT COMPATIBLE -
Software: Windows 2000 Version 5.0 (Build 2195 Multiprocessor Free)

Variable = system.sysObjectID.0
Value = ObjectID 1.3.6.1.4.1.311.1.1.3.1.2

Variable = system.sysUpTime.0
Value = TimeTicks 24725698

Variable = system.sysContact.0
Value = String

Variable = system.sysName.0
Value = String XIAOTOU

Variable = system.sysLocation.0
Value = String

Variable = system.sysServices.0
Value = Integer32 76

End of MIB subtree.
------------------------------------------------------------

------------------------------------------------------------
About snmputil syntax:
------------------------------------------------------------
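get: think of it as retrieving a single piece of information.

getnext: think of it as retrieving the next piece of information.

walk: think of it as retrieving a whole batch of information (well, more precisely, all the information in a database subtree/subdirectory).

agent: the specific machine in question.

community: well, that is the "community string", the "query password".

oid: this one needs a bit more explanation; it is the Object Identifier.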
............................................................

Examples:
snmputil.exe walk <target IP> public .1.3.6.1.2.1.25.4.2.1.2 //** process list
snmputil.exe walk <target IP> public .1.3.6.1.4.1.77.1.2.25.1.1 //** user list
snmputil.exe get <target IP> public .1.3.6.1.4.1.77.1.4.1.0 //** domain name
snmputil.exe walk <target IP> public .1.3.6.1.2.1.25.6.3.1.2 //** installed software
snmputil.exe walk <target IP> public .1.3.6.1.2.1.1 //** system information
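
The queries above succeed only because the agent answers the default `public` community, and such requests are easy to recognise on the wire. The following is an added example, not part of the original post: a small BER decoder that flags SNMPv1-style get/getnext requests using a default community against the host-resources and system subtrees listed above. The names `inspect`, `SENSITIVE` and `DEFAULTS` are hypothetical, including `private` as a default is an assumption, and the sample packet is constructed.

```python
SENSITIVE = {  # subtrees walked in the post's examples
    "1.3.6.1.2.1.25.4.2.1.2": "running processes",
    "1.3.6.1.2.1.25.6.3.1.2": "installed software",
    "1.3.6.1.2.1.1": "system group"}
DEFAULTS = {b"public", b"private"}        # assumption: well-known default strings
READS = {0xA0: "get", 0xA1: "getnext"}    # SNMPv1 read PDU tags

def read_tlv(buf, pos):  # -> (tag, value, next_pos) for one BER element
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits = length-of-length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):  # BER OID content bytes -> dotted string
    arcs, val = ([body[0] // 40, body[0] % 40] if body else []), 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)     # base-128 digits, high bit means "more"
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def inspect(packet):  # -> alerts for default-community reads of SENSITIVE
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, _, p = read_tlv(msg, 0)            # version
    _, community, p = read_tlv(msg, p)
    pdu_tag, pdu, _ = read_tlv(msg, p)
    if pdu_tag not in READS or community not in DEFAULTS:
        return []
    p = 0
    for _ in range(4):                    # three integers, then the varbind list
        _, varbinds, p = read_tlv(pdu, p)
    alerts, p = [], 0
    while p < len(varbinds):
        _, vb, p = read_tlv(varbinds, p)
        oid = decode_oid(read_tlv(vb, 0)[1])
        alerts += [f"{READS[pdu_tag]} {oid}: {what}" for prefix, what
                   in SENSITIVE.items() if (oid + ".").startswith(prefix + ".")]
    return alerts

# Constructed sample: SNMPv1 GetNextRequest, community "public", process-table OID
SAMPLE = bytes.fromhex("3028" "020100" "04067075626c6963" "a11b" "020101" "020100"
                       "020100" "3010300e" "060a2b060102011904020102" "0500")
```

`inspect(SAMPLE)` returns one alert for the process-table read; the same packet with a non-default community returns an empty list, which is the effect of replacing `public` on the agent.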

© 1999-2008 EvilOctal Security Team