
SNMP Information Disclosure Vulnerability (port 161)

Understanding TCP and UDP first will make the rest of this post easier to follow.

https://adm1n1.tistory.com/83

 


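SNMP (Simple Network Management Protocol) is a network management protocol that carries management information. It runs over UDP/IP and exchanges simple messages over an Ethernet connection.

[Features]

  • The library alerts system administrators to potential problems
  • System administrators can query the library for configuration, operational, and statistical information
  • The library collects information to send to the STA (StorageTek Tape Analytics) server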

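SNMP has three versions.

SNMP v1: the main point is that authentication is sent unencrypted

SNMP v2: version 2 also attempted encrypted transmission, but it was inconvenient to use, so it ended up using plaintext transmission (SNMPv2c)

Versions 1 and 2 both support read-only access for querying system status

SNMP v3: an authentication scheme that uses encryption

An ID/password must be provided to obtain device information

Supports both read and write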

 

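SNMP uses ports 161 and 162.

161: for the agent

Ordinary messages such as getRequest and setRequest

162: for the manager

Trap messages

The manager can send requests from any available port to the agent on port 161. The agent then replies to the source port of the requesting manager.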


Environment

PC1 (attacker)

OS: Kali Linux

IP: 192.168.180.147

PC2 (target)

OS: Windows Server 2008 R2 (Metasploitable 3)

IP: 192.168.180.159


Practice

[Figure 1] UDP scan using Nmap

nmap -sU 192.168.180.159

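Running nmap with the -sU option performed a UDP scan and found port 161.

[Figure 2] Checking the version on port 161

To learn more about port 161, I used the -sV option to get version information,

and the -p option to scan only port 161, which shortened the scan time.

The scan confirmed that the insecure SNMPv1 is in use.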

 

On servers, UDP is commonly used for sending things like SNMP and log status data.

 

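[Figure 3] snmp-check exercise

Running the snmp-check tool shows that information about the server is exposed.

The cause of the vulnerability appears in the upper right of the output, where it says ~~ community 'public':

the community string being set to public was the cause.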
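The plaintext community string described in the version notes and in the snmp-check result above, as an added example that is not part of the original post: a minimal BER parser that pulls the version and community out of a UDP/161 payload and flags default values. The sample packets, the `DEFAULT_COMMUNITIES` list and all function names are constructed for this illustration.

```python
"""Added example: decode the cleartext header of an SNMPv1/v2c message."""

# Community strings often left at their defaults (assumed list for this example).
DEFAULT_COMMUNITIES = {"public", "private"}
VERSION_NAMES = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}


def read_tlv(buf, pos):
    """Read one BER TLV at pos; return (tag, value_bytes, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("value runs past end of packet")
    return tag, buf[pos:end], end


def parse_snmp_header(payload):
    """Return (version_name, community); community is None when not v1/v2c."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not a BER SEQUENCE")
    tag, ver, pos = read_tlv(body, 0)
    if tag != 0x02 or not ver:
        raise ValueError("missing version INTEGER")
    version = int.from_bytes(ver, "big")
    name = VERSION_NAMES.get(version, f"unknown({version})")
    if version not in (0, 1):
        return name, None  # SNMPv3 carries no community field
    tag, community, _ = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("missing community OCTET STRING")
    return name, community.decode("latin-1")


def assess(payload):
    """Return a list of findings for one UDP/161 payload."""
    version, community = parse_snmp_header(payload)
    findings = []
    if community is not None:
        findings.append(f"{version} sends community '{community}' in cleartext")
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append("default community string in use")
    return findings


# --- constructed sample packets (not captured traffic) ---

def tlv(tag, value):
    """Encode one BER TLV with a short-form length (enough for the samples)."""
    if len(value) >= 0x80:
        raise ValueError("sample builder only handles short-form lengths")
    return bytes([tag, len(value)]) + value


def build_sample(version, community):
    """GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0) with the given community."""
    oid = tlv(0x06, bytes.fromhex("2b06010201010100"))
    varbinds = tlv(0x30, tlv(0x30, oid + tlv(0x05, b"")))
    pdu = tlv(0xA0, tlv(0x02, b"\x01") + tlv(0x02, b"\x00")
              + tlv(0x02, b"\x00") + varbinds)
    return tlv(0x30, tlv(0x02, bytes([version])) + tlv(0x04, community) + pdu)


def build_v3_stub():
    """Version 3 followed by an empty SEQUENCE standing in for msgGlobalData."""
    return tlv(0x30, tlv(0x02, b"\x03") + tlv(0x30, b""))


if __name__ == "__main__":
    for label, pkt in [("v1/public", build_sample(0, b"public")),
                       ("v2c/custom", build_sample(1, b"n0t-default")),
                       ("v3", build_v3_stub())]:
        print(label, pkt.hex(), assess(pkt))
```
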

 

The detailed output is as follows. (Note: the output is very long.)


└─$ snmp-check 192.168.180.159
snmp-check v1.9 - SNMP enumerator
Copyright (c) 2005-2015 by Matteo Cantoni (www.nothink.org)

[+] Try to connect to 192.168.180.159:161 using SNMPv1 and community 'public'

[*] System information:

  Host IP address               : 192.168.180.159
  Hostname                      : metasploitable3
  Description                   : Hardware: Intel64 Family 6 Model 154 Stepping 3 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)
  Contact                       : -
  Location                      : -
  Uptime snmp                   : 00:15:19.59
  Uptime system                 : 00:13:26.78
  System date                   : 2023-11-12 00:03:30.6
  Domain                        : WORKGROUP

[*] User accounts:

  sshd                
  Guest               
  greedo              
  vagrant             
  han_solo            
  kylo_ren            
  boba_fett           
  chewbacca           
  ben_kenobi          
  jabba_hutt          
  artoo_detoo         
  c_three_pio         
  darth_vader         
  leia_organa         
  sshd_server         
  jarjar_binks        
  Administrator       
  luke_skywalker      
  anakin_skywalker    
  lando_calrissian    

[*] Network information:

  IP forwarding enabled         : no
  Default TTL                   : 128
  TCP segments received         : 2138404
  TCP segments sent             : 2072911
  TCP segments retrans          : 9
  Input datagrams               : 190172
  Delivered datagrams           : 190078
  Output datagrams              : 1553619


[*] Network IP:

  Id                    IP Address            Netmask               Broadcast           
  1                     127.0.0.1             255.0.0.0             1                   
  16                    192.168.180.159       255.255.255.0         1                   

[*] Routing information:

  Destination           Next hop              Mask                  Metric              
  0.0.0.0               192.168.180.2         0.0.0.0               10                  
  127.0.0.0             127.0.0.1             255.0.0.0             306                 
  127.0.0.1             127.0.0.1             255.255.255.255       306                 
  127.255.255.255       127.0.0.1             255.255.255.255       306                 
  192.168.180.0         192.168.180.159       255.255.255.0         266                 
  192.168.180.159       192.168.180.159       255.255.255.255       266                 
  192.168.180.255       192.168.180.159       255.255.255.255       266                 
  224.0.0.0             127.0.0.1             240.0.0.0             306                 
  255.255.255.255       127.0.0.1             255.255.255.255       306                 

  192.168.180.159       80                    192.168.180.147       48446                 timeWait            
  192.168.180.159       80                    192.168.180.147       48462                 timeWait            
  192.168.180.159       80                    192.168.180.147       48466                 timeWait            
  192.168.180.159       80                    192.168.180.147       48470                 timeWait            
  192.168.180.159       80                    192.168.180.147       48484                 timeWait            
  192.168.180.159       80                    192.168.180.147       48488                 timeWait            
  192.168.180.159       80                    192.168.180.147       48490                 timeWait            
  192.168.180.159       80                    192.168.180.147       48492                 timeWait            
  192.168.180.159       80                    192.168.180.147       48494                 timeWait            
  192.168.180.159       80                    192.168.180.147       48506                 timeWait            
  192.168.180.159       80                    192.168.180.147       48514                 timeWait            
  192.168.180.159       80                    192.168.180.147       48520                 timeWait            
  192.168.180.159       80                    192.168.180.147       48530                 timeWait            
  192.168.180.159       80                    192.168.180.147       48540                 timeWait            
  192.168.180.159       80                    192.168.180.147       48542                 timeWait            
  192.168.180.159       80                    192.168.180.147       48548                 timeWait            
  192.168.180.159       139                   0.0.0.0               0                     listen              
  192.168.180.159       3000                  192.168.180.147       48936                 closeWait           
  192.168.180.159       3000                  192.168.180.147       48942                 closeWait           
  192.168.180.159       3000                  192.168.180.147       48956                 closeWait           
  192.168.180.159       3000                  192.168.180.147       48962                 closeWait           
  192.168.180.159       3000                  192.168.180.147       48972                 established         
  192.168.180.159       3000                  192.168.180.147       48974                 established         
  192.168.180.159       3000                  192.168.180.147       48990                 established         
  192.168.180.159       3000                  192.168.180.147       48996                 established         
  192.168.180.159       3000                  192.168.180.147       49004                 established         
  192.168.180.159       3000                  192.168.180.147       49012                 closeWait           
  192.168.180.159       3000                  192.168.180.147       49018                 established         
  192.168.180.159       3000                  192.168.180.147       49026                 closeWait           
  192.168.180.159       3000                  192.168.180.147       49034                 closeWait           
  192.168.180.159       3000                  192.168.180.147       49050                 established         
  192.168.180.159       3000                  192.168.180.147       49058                 established         
  192.168.180.159       3000                  192.168.180.147       49062                 established         
  192.168.180.159       3700                  192.168.180.147       60488                 established         
  192.168.180.159       3820                  192.168.180.147       37136                 timeWait            
  192.168.180.159       3820                  192.168.180.147       49400                 timeWait            
  192.168.180.159       4848                  192.168.180.147       42560                 timeWait            
  192.168.180.159       4848                  192.168.180.147       42614                 timeWait            
  192.168.180.159       4848                  192.168.180.147       42864                 established         
  192.168.180.159       4848                  192.168.180.147       42870                 finWait1            
  192.168.180.159       5985                  192.168.180.147       35320                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35336                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35340                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35350                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35358                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35362                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35364                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35376                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35390                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35398                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35402                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35408                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35422                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35434                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35446                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35452                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35464                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35480                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35496                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35500                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35504                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35516                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35522                 timeWait            
  192.168.180.159       5985                  192.168.180.147       35538                 finWait1            
  192.168.180.159       8019                  192.168.180.147       38130                 timeWait            
  192.168.180.159       8019                  192.168.180.147       38134                 timeWait            
  192.168.180.159       8022                  192.168.180.147       36514                 timeWait            
  192.168.180.159       8022                  192.168.180.147       46526                 timeWait            
  192.168.180.159       8022                  192.168.180.147       46532                 timeWait            
  192.168.180.159       8022                  192.168.180.147       46540                 timeWait            
  192.168.180.159       8022                  192.168.180.147       46790                 timeWait            
  192.168.180.159       8022                  192.168.180.147       46800                 timeWait            
  192.168.180.159       8022                  192.168.180.147       46814                 timeWait            
  192.168.180.159       8022                  192.168.180.147       46820                 timeWait            
  192.168.180.159       8022                  192.168.180.147       46832                 timeWait            
  192.168.180.159       8022                  192.168.180.147       46846                 timeWait            
  192.168.180.159       8022                  192.168.180.147       46854                 timeWait            
  192.168.180.159       8022                  192.168.180.147       46858                 timeWait            
  192.168.180.159       8022                  192.168.180.147       46866                 timeWait            
  192.168.180.159       8022                  192.168.180.147       47212                 timeWait            
  192.168.180.159       8022                  192.168.180.147       47218                 timeWait            
  192.168.180.159       8022                  192.168.180.147       47228                 timeWait            
  192.168.180.159       8022                  192.168.180.147       47240                 timeWait            
  192.168.180.159       8022                  192.168.180.147       47252                 timeWait            
  192.168.180.159       8022                  192.168.180.147       47254                 timeWait            
  192.168.180.159       8022                  192.168.180.147       47260                 timeWait            
  192.168.180.159       8022                  192.168.180.147       47264                 timeWait            
  192.168.180.159       8022                  192.168.180.147       47276                 timeWait            
  192.168.180.159       8022                  192.168.180.147       47278                 timeWait            
  192.168.180.159       8022                  192.168.180.147       47290                 timeWait            
  192.168.180.159       8028                  192.168.180.147       45928                 established         
  192.168.180.159       8031                  192.168.180.147       36970                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60340                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60354                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60356                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60372                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60388                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60402                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60408                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60416                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60424                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60434                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60448                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60460                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60476                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60492                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60500                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60516                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60526                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60542                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60556                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60570                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60572                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60578                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60586                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60594                 timeWait            
  192.168.180.159       8080                  192.168.180.147       60604                 finWait2            
  192.168.180.159       8080                  192.168.180.147       60610                 finWait2            
  192.168.180.159       8181                  192.168.180.147       49502                 timeWait            
  192.168.180.159       8282                  192.168.180.147       39916                 timeWait            
  192.168.180.159       8282                  192.168.180.147       39924                 timeWait            
  192.168.180.159       8282                  192.168.180.147       39936                 timeWait            
  192.168.180.159       8282                  192.168.180.147       39948                 timeWait            
  192.168.180.159       8282                  192.168.180.147       39950                 timeWait            
  192.168.180.159       8282                  192.168.180.147       39952                 timeWait            
  192.168.180.159       8282                  192.168.180.147       39958                 timeWait            
  192.168.180.159       8282                  192.168.180.147       39972                 timeWait            
  192.168.180.159       8282                  192.168.180.147       39978                 timeWait            
  192.168.180.159       8282                  192.168.180.147       39982                 timeWait            
  192.168.180.159       8282                  192.168.180.147       39996                 timeWait            
  192.168.180.159       8282                  192.168.180.147       40002                 timeWait            
  192.168.180.159       8282                  192.168.180.147       40014                 timeWait            
  192.168.180.159       8282                  192.168.180.147       40016                 timeWait            
  192.168.180.159       8282                  192.168.180.147       40018                 timeWait            
  192.168.180.159       8282                  192.168.180.147       40028                 timeWait            
  192.168.180.159       8282                  192.168.180.147       40042                 timeWait            
  192.168.180.159       8282                  192.168.180.147       40044                 timeWait            
  192.168.180.159       8282                  192.168.180.147       40050                 timeWait            
  192.168.180.159       8282                  192.168.180.147       40060                 timeWait            
  192.168.180.159       8282                  192.168.180.147       40064                 timeWait            
  192.168.180.159       8282                  192.168.180.147       40072                 timeWait            
  192.168.180.159       8282                  192.168.180.147       40074                 timeWait            
  192.168.180.159       8282                  192.168.180.147       40078                 timeWait            
  192.168.180.159       8282                  192.168.180.147       40086                 timeWait            
  192.168.180.159       8282                  192.168.180.147       40092                 timeWait            
  192.168.180.159       8282                  192.168.180.147       40096                 timeWait            
  192.168.180.159       8282                  192.168.180.147       40112                 timeWait            
  192.168.180.159       8443                  192.168.180.147       41740                 timeWait            
  192.168.180.159       8443                  192.168.180.147       41746                 timeWait            
  192.168.180.159       8443                  192.168.180.147       41750                 timeWait            
  192.168.180.159       8443                  192.168.180.147       41758                 timeWait            
  192.168.180.159       8443                  192.168.180.147       41774                 timeWait            
  192.168.180.159       8443                  192.168.180.147       41780                 timeWait            
  192.168.180.159       8443                  192.168.180.147       41796                 timeWait            
  192.168.180.159       8443                  192.168.180.147       41806                 timeWait            
  192.168.180.159       8443                  192.168.180.147       41812                 timeWait            
  192.168.180.159       8443                  192.168.180.147       41824                 timeWait            
  192.168.180.159       8443                  192.168.180.147       41838                 timeWait            
  192.168.180.159       8443                  192.168.180.147       41844                 timeWait            
  192.168.180.159       8443                  192.168.180.147       41856                 timeWait            
  192.168.180.159       8443                  192.168.180.147       41870                 timeWait            
  192.168.180.159       8443                  192.168.180.147       41892                 timeWait            
  192.168.180.159       8443                  192.168.180.147       41902                 timeWait            
  192.168.180.159       8443                  192.168.180.147       41908                 timeWait            
  192.168.180.159       8443                  192.168.180.147       41924                 timeWait            
  192.168.180.159       8443                  192.168.180.147       41940                 timeWait            
  192.168.180.159       8443                  192.168.180.147       41944                 timeWait            
  192.168.180.159       8443                  192.168.180.147       41954                 timeWait            
  192.168.180.159       8443                  192.168.180.147       41962                 timeWait            
  192.168.180.159       8443                  192.168.180.147       59050                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45758                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45768                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45770                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45772                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45776                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45788                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45796                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45812                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45818                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45842                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45858                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45874                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45882                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45886                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45894                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45910                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45924                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45936                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45940                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45950                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45952                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45956                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45960                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45976                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45978                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45984                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45986                 timeWait            
  192.168.180.159       8484                  192.168.180.147       45992                 timeWait            
  192.168.180.159       8585                  192.168.180.147       43762                 timeWait            
  192.168.180.159       8585                  192.168.180.147       46134                 timeWait            
  192.168.180.159       8585                  192.168.180.147       46146                 timeWait            
  192.168.180.159       8585                  192.168.180.147       46160                 timeWait            
  192.168.180.159       8585                  192.168.180.147       46168                 timeWait            
  192.168.180.159       8585                  192.168.180.147       46170                 timeWait            
  192.168.180.159       8585                  192.168.180.147       46390                 timeWait            
  192.168.180.159       8585                  192.168.180.147       46402                 timeWait            
  192.168.180.159       8585                  192.168.180.147       47882                 timeWait            
  192.168.180.159       8585                  192.168.180.147       49202                 timeWait            
  192.168.180.159       8585                  192.168.180.147       49210                 timeWait            
  192.168.180.159       8585                  192.168.180.147       49222                 timeWait            
  192.168.180.159       8585                  192.168.180.147       49226                 timeWait            
  192.168.180.159       8585                  192.168.180.147       49242                 timeWait            
  192.168.180.159       8585                  192.168.180.147       49258                 timeWait            
  192.168.180.159       8585                  192.168.180.147       49262                 timeWait            
  192.168.180.159       8585                  192.168.180.147       52766                 timeWait            
  192.168.180.159       8585                  192.168.180.147       52782                 timeWait            
  192.168.180.159       8585                  192.168.180.147       52792                 timeWait            
  192.168.180.159       8585                  192.168.180.147       52802                 timeWait            
  192.168.180.159       8585                  192.168.180.147       52806                 timeWait            
  192.168.180.159       8585                  192.168.180.147       52818                 timeWait            
  192.168.180.159       8585                  192.168.180.147       52822                 timeWait            
  192.168.180.159       8585                  192.168.180.147       52836                 timeWait            
  192.168.180.159       8585                  192.168.180.147       52848                 timeWait            
  192.168.180.159       8585                  192.168.180.147       52858                 timeWait            
  192.168.180.159       8585                  192.168.180.147       52866                 timeWait            
  192.168.180.159       8585                  192.168.180.147       52882                 timeWait            
  192.168.180.159       8585                  192.168.180.147       52892                 timeWait            
  192.168.180.159       8585                  192.168.180.147       52894                 timeWait            
  192.168.180.159       8585                  192.168.180.147       52906                 timeWait            
  192.168.180.159       8585                  192.168.180.147       52912                 finWait2            
  192.168.180.159       8585                  192.168.180.147       53350                 timeWait            
  192.168.180.159       9300                  192.168.180.147       45376                 timeWait            
  192.168.180.159       9300                  192.168.180.147       45392                 timeWait            
  192.168.180.159       9300                  192.168.180.159       49183                 established         
  192.168.180.159       9300                  192.168.180.159       49184                 established         
  192.168.180.159       9300                  192.168.180.159       49185                 established         
  192.168.180.159       9300                  192.168.180.159       49186                 established         
  192.168.180.159       9300                  192.168.180.159       49187                 established         
  192.168.180.159       9300                  192.168.180.159       49188                 established         
  192.168.180.159       9300                  192.168.180.159       49189                 established         
  192.168.180.159       9300                  192.168.180.159       49190                 established         
  192.168.180.159       9300                  192.168.180.159       49191                 established         
  192.168.180.159       9300                  192.168.180.159       49192                 established         
  192.168.180.159       9300                  192.168.180.159       49193                 established         
  192.168.180.159       9300                  192.168.180.159       49194                 established         
  192.168.180.159       9300                  192.168.180.159       49195                 established         
  192.168.180.159       47001                 192.168.180.147       52922                 timeWait            
  192.168.180.159       47001                 192.168.180.147       52928                 timeWait            
  192.168.180.159       47001                 192.168.180.147       52932                 timeWait            
  192.168.180.159       47001                 192.168.180.147       52938                 timeWait            
  192.168.180.159       47001                 192.168.180.147       52944                 timeWait            
  192.168.180.159       47001                 192.168.180.147       52950                 timeWait            
  192.168.180.159       47001                 192.168.180.147       52960                 timeWait            
  192.168.180.159       47001                 192.168.180.147       52966                 timeWait            
  192.168.180.159       47001                 192.168.180.147       52980                 timeWait            
  192.168.180.159       47001                 192.168.180.147       52986                 timeWait            
  192.168.180.159       47001                 192.168.180.147       52994                 timeWait            
  192.168.180.159       47001                 192.168.180.147       52996                 timeWait            
  192.168.180.159       47001                 192.168.180.147       53006                 timeWait            
  192.168.180.159       47001                 192.168.180.147       53010                 timeWait            
  192.168.180.159       47001                 192.168.180.147       53022                 timeWait            
  192.168.180.159       47001                 192.168.180.147       53034                 timeWait            
  192.168.180.159       47001                 192.168.180.147       53044                 timeWait            
  192.168.180.159       47001                 192.168.180.147       53050                 timeWait            
  192.168.180.159       47001                 192.168.180.147       53054                 timeWait            
  192.168.180.159       47001                 192.168.180.147       53062                 timeWait            
  192.168.180.159       47001                 192.168.180.147       53066                 timeWait            
  192.168.180.159       47001                 192.168.180.147       53076                 timeWait            
  192.168.180.159       47001                 192.168.180.147       53088                 timeWait            
  192.168.180.159       47001                 192.168.180.147       53100                 timeWait            
  192.168.180.159       47001                 192.168.180.147       53102                 timeWait            
  192.168.180.159       47001                 192.168.180.147       53104                 timeWait            
  192.168.180.159       47001                 192.168.180.147       53106                 timeWait            
  192.168.180.159       47001                 192.168.180.147       53116                 timeWait            
  192.168.180.159       49156                 192.168.180.147       46640                 closeWait           
  192.168.180.159       49156                 192.168.180.147       57920                 closeWait           
  192.168.180.159       49156                 192.168.180.147       57936                 closeWait           
  192.168.180.159       49183                 192.168.180.159       9300                  established         
  192.168.180.159       49184                 192.168.180.159       9300                  established         
  192.168.180.159       49185                 192.168.180.159       9300                  established         
  192.168.180.159       49186                 192.168.180.159       9300                  established         
  192.168.180.159       49187                 192.168.180.159       9300                  established         
  192.168.180.159       49188                 192.168.180.159       9300                  established         
  192.168.180.159       49189                 192.168.180.159       9300                  established         
  192.168.180.159       49190                 192.168.180.159       9300                  established         
  192.168.180.159       49191                 192.168.180.159       9300                  established         
  192.168.180.159       49192                 192.168.180.159       9300                  established         
  192.168.180.159       49193                 192.168.180.159       9300                  established         
  192.168.180.159       49194                 192.168.180.159       9300                  established         
  192.168.180.159       49195                 192.168.180.159       9300                  established         
  192.168.180.159       49256                 192.168.180.147       40360                 timeWait            
  192.168.180.159       49256                 192.168.180.147       40366                 timeWait            
  192.168.180.159       49256                 192.168.180.147       40380                 timeWait            
  192.168.180.159       49256                 192.168.180.147       40392                 established         
  192.168.180.159       49308                 192.168.180.147       48608                 timeWait            
  192.168.180.159       49308                 192.168.180.147       48616                 established         
  192.168.180.159       49308                 192.168.180.147       48628                 timeWait            
  192.168.180.159       49309                 192.168.180.147       36120                 timeWait            
  192.168.180.159       49309                 192.168.180.147       36130                 timeWait            
  192.168.180.159       49310                 192.168.180.147       33522                 closeWait           
  192.168.180.159       49310                 192.168.180.147       33526                 closeWait           
  192.168.180.159       49310                 192.168.180.147       36930                 closeWait           
  192.168.180.159       49310                 192.168.180.147       36944                 closeWait           
  192.168.180.159       49310                 192.168.180.147       38560                 closeWait           
  192.168.180.159       49310                 192.168.180.147       38574                 closeWait           
  192.168.180.159       49310                 192.168.180.147       40354                 closeWait           
  192.168.180.159       49310                 192.168.180.147       40366                 closeWait           
  192.168.180.159       49310                 192.168.180.147       41998                 closeWait           
  192.168.180.159       49310                 192.168.180.147       44258                 closeWait           
  192.168.180.159       49310                 192.168.180.147       44578                 closeWait           
  192.168.180.159       49310                 192.168.180.147       44592                 closeWait           
  192.168.180.159       49310                 192.168.180.147       45654                 closeWait           
  192.168.180.159       49310                 192.168.180.147       45670                 closeWait           
  192.168.180.159       49310                 192.168.180.147       50542                 closeWait           
  192.168.180.159       49310                 192.168.180.147       50548                 closeWait           
  192.168.180.159       49310                 192.168.180.147       51128                 closeWait           
  192.168.180.159       49310                 192.168.180.147       51142                 closeWait           
  192.168.180.159       49310                 192.168.180.147       53152                 closeWait           
  192.168.180.159       49310                 192.168.180.147       53162                 closeWait           
  192.168.180.159       49310                 192.168.180.147       53814                 closeWait           
  192.168.180.159       49310                 192.168.180.147       53830                 closeWait           
  192.168.180.159       49310                 192.168.180.147       55884                 closeWait           
  192.168.180.159       49310                 192.168.180.147       55900                 closeWait           
  192.168.180.159       49310                 192.168.180.147       56170                 established         
  192.168.180.159       49310                 192.168.180.147       58328                 closeWait           
  192.168.180.159       49310                 192.168.180.147       58338                 closeWait           
  192.168.180.159       49310                 192.168.180.147       58618                 closeWait           
  192.168.180.159       49310                 192.168.180.147       58628                 closeWait           
  192.168.180.159       49336                 192.168.180.159       8686                  timeWait            
  192.168.180.159       49337                 192.168.180.159       49305                 timeWait            

[*] Listening UDP ports:

  Local address         Local port          
  0.0.0.0               123                 
  0.0.0.0               161                 
  0.0.0.0               500                 
  0.0.0.0               4500                
  0.0.0.0               5353                
  0.0.0.0               5355                
  0.0.0.0               33848               
  0.0.0.0               54328               
  127.0.0.1             51862               
  192.168.180.159       137                 
  192.168.180.159       138                 

[*] Network services:

  Index                 Name                
  0                     jmx                 
  1                     Power               
  2                     Server              
  3                     jenkins             
  4                     IP Helper           
  5                     DNS Client          
  6                     wampapache          
  7                     wampmysqld          
  8                     DHCP Client         
  9                     Workstation         
  10                    SNMP Service        
  11                    VMware Tools        
  12                    Windows Time        
  13                    Plug and Play       
  14                    Print Spooler       
  15                    OpenSSH Server      
  16                    Task Scheduler      
  17                    Windows Update      
  18                    Remote Registry     
  19                    Windows Firewall    
  20                    COM+ Event System   
  21                    Windows Event Log   
  22                    IPsec Policy Agent  
  23                    Group Policy Client 
  24                    Network Connections 
  25                    RPC Endpoint Mapper 
  26                    Software Protection 
  27                    Network List Service
  28                    User Profile Service
  29                    Base Filtering Engine
  30                    Microsoft FTP Service
  31                    TCP/IP NetBIOS Helper
  32                    Application Experience
  33                    Cryptographic Services
  34                    Diagnostic System Host
  35                    Certificate Propagation
  36                    Remote Desktop Services
  37                    Shell Hardware Detection
  38                    domain1 GlassFish Server
  39                    Apache Tomcat 8.0 Tomcat8
  40                    Diagnostic Policy Service
  41                    Security Accounts Manager
  42                    Network Location Awareness
  43                    Windows Font Cache Service
  44                    Remote Procedure Call (RPC)
  45                    DCOM Server Process Launcher
  46                    Remote Desktop Configuration
  47                    Application Host Helper Service
  48                    Network Store Interface Service
  49                    Distributed Link Tracking Client
  50                    System Event Notification Service
  51                    World Wide Web Publishing Service
  52                    Windows Management Instrumentation
  53                    Windows Process Activation Service
  54                    Distributed Transaction Coordinator
  55                    IKE and AuthIP IPsec Keying Modules
  56                    ManageEngine Desktop Central Server
  57                    VMware CAF Management Agent Service
  58                    VMware Physical Disk Helper Service
  59                    Windows Licensing Monitoring Service
  60                    Desktop Window Manager Session Manager
  61                    VMware Alias Manager and Ticket Service
  62                    WinHTTP Web Proxy Auto-Discovery Service
  63                    Windows Remote Management (WS-Management)
  64                    Elasticsearch 1.1.1 (elasticsearch-service-x64)
  65                    Remote Desktop Services UserMode Port Redirector

[*] Processes:

  Id                    Status                Name                  Path                  Parameters          
  1                     running               System Idle Process                                             
  4                     running               System                                                          
  132                   running               svchost.exe                                                     
  232                   running               smss.exe              \SystemRoot\System32\                      
  316                   running               csrss.exe             %SystemRoot%\system32\  ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:User
  408                   running               wininit.exe                                                     
  416                   running               csrss.exe             %SystemRoot%\system32\  ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:User
  420                   running               svchost.exe                                                     
  472                   running               winlogon.exe                                                    
  504                   running               services.exe          C:\Windows\system32\                      
  520                   running               lsass.exe             C:\Windows\system32\                      
  528                   running               lsm.exe               C:\Windows\system32\                      
  580                   running               taskeng.exe                                 {2CACF2A5-B504-4A84-9ADC-72389D38A935}
  628                   running               svchost.exe                                                     
  696                   running               vmacthlp.exe          C:\Program Files\VMware\VMware Tools\                      
  740                   running               svchost.exe                                                     
  828                   running               svchost.exe                                                     
  876                   running               svchost.exe                                                     
  924                   running               svchost.exe                                                     
  980                   running               svchost.exe                                                     
  1000                  running               taskhost.exe                                                    
  1036                  running               cmd.exe                                     /c "C:\Program Files\Rails_Server\start_rails_server.bat"
  1064                  running               conhost.exe           \??\C:\Windows\system32\                      
  1132                  running               spoolsv.exe                                                     
  1164                  running               svchost.exe                                                     
  1188                  running               wrapper.exe                                                     
  1208                  running               WmiPrvSE.exe                                                    
  1252                  running               java.exe              C:\ProgramData\Oracle\Java\javapath\  -jar "C:\Program Files\jenkins\jenkins.war" --httpPort=8484
  1272                  running               cmd.exe               C:\Windows\system32\  /c "C:\Program Files\jmx\start_jmx.bat"
  1308                  running               conhost.exe           \??\C:\Windows\system32\                      
  1316                  running               domain1Service.exe                                              
  1388                  running               elasticsearch-service-x64.exe  C:\Program Files\elasticsearch-1.1.1\bin\  //RS//elasticsearch-service-x64
  1396                  running               conhost.exe           \??\C:\Windows\system32\                      
  1428                  running               svchost.exe                                                     
  1448                  running               jenkins.exe                                                     
  1476                  running               cmd.exe                                     /c ""C:/glassfish/glassfish4/glassfish/lib/nadmin.bat"  start-domain --watchdog --domaindir C:\\glassfish\\glassfish4\\glassfish
  1488                  running               conhost.exe           \??\C:\Windows\system32\                      
  1536                  running               java.exe                                    -jar "C:\glassfish\glassfish4\glassfish\lib\..\modules\admin-cli.jar" start-domain --watchdog --domaindir C:\\glassfish\\glassf
  1568                  running               conhost.exe           \??\C:\Windows\system32\                      
  1612                  running               java.exe                                                        
  1768                  running               jmx.exe                                                         
  1804                  running               conhost.exe           \??\C:\Windows\system32\                      
  1868                  running               svchost.exe                                                     
  1892                  running               ruby.exe              C:\tools\ruby23\bin\  "C:\tools\ruby23\bin\rails" server
  2028                  running               cygrunsrv.exe         C:\Program Files\OpenSSH\bin\                      
  2052                  running               snmp.exe              C:\Windows\System32\                      
  2088                  running               conhost.exe           \??\C:\Windows\system32\                      
  2144                  running               sshd.exe              C:\Program Files\OpenSSH\usr\sbin\                      
  2152                  running               tomcat8.exe           C:\Program Files\Apache Software Foundation\tomcat\apache-tomcat-8.0.33\bin\  //RS//Tomcat8       
  2164                  running               java.exe              C:\openjdk6\openjdk-1.6.0-unofficial-b27-windows-amd64\jre\bin\  -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=1617 -Dcom.sun.management.jmxremote.authenticate=false -Dco
  2172                  running               conhost.exe           \??\C:\Windows\system32\                      
  2256                  running               VGAuthService.exe     C:\Program Files\VMware\VMware Tools\VMware VGAuth\                      
  2392                  running               conhost.exe           \??\C:\Windows\system32\                      
  2428                  running               cmd.exe                                     /C ""C:/ManageEngine/DesktopCentral_Server/pgsql/bin/postgres.exe" -D "C:/ManageEngine/DesktopCentral_Server/pgsql/data" -p8028
  2468                  running               postgres.exe                                -D "C:/ManageEngine/DesktopCentral_Server/pgsql/data" -p8028
  2492                  running               vmtoolsd.exe          C:\Program Files\VMware\VMware Tools\                      
  2556                  running               postgres.exe                                "--forklog" "9284" "9288"
  2604                  running               ManagementAgentHost.exe  C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\                      
  2680                  running               postgres.exe                                "--forkboot" "9156" "-x4"
  2688                  running               postgres.exe                                "--forkboot" "9152" "-x3"
  2696                  running               postgres.exe                                "--forkboot" "9156" "-x5"
  2704                  running               postgres.exe                                "--forkavlauncher" "9152"
  2712                  running               postgres.exe                                "--forkarch" "9156" 
  2720                  running               postgres.exe                                "--forkcol" "9152"  
  2788                  running               httpd.exe                                                       
  2928                  running               mysqld.exe            c:\wamp\bin\mysql\mysql5.5.20\bin\  wampmysqld          
  2964                  running               httpd.exe             C:\wamp\bin\apache\apache2.2.21\bin\  -d C:/wamp/bin/apache/Apache2.2.21
  2996                  running               java.exe                                                        
  3012                  running               conhost.exe           \??\C:\Windows\system32\                      
  3100                  running               svchost.exe           C:\Windows\system32\  -k iissvcs          
  3116                  running               svchost.exe                                                     
  3168                  running               postgres.exe                                "--forkbackend" "9152"
  3260                  running               wlms.exe              C:\Windows\system32\wlms\                      
  3664                  running               sppsvc.exe                                                      
  3972                  running               postgres.exe                                "--forkbackend" "9120"
  3980                  running               svchost.exe                                                     
  4196                  running               w3wp.exe              c:\windows\system32\inetsrv\  -ap "DefaultAppPool" -v "v2.0" -l "webengine4.dll" -a \\.\pipe\iisipmf062f5d4-7e95-40b0-bb4a-822a5e81aa59 -h "C:\inetpub\temp\ap
  4304                  running               dinotify.exe          C:\Windows\System32\  pnpui.dll,SimplifiedDINotification
  4348                  running               svchost.exe                                                     
  4556                  running               postgres.exe                                "--forkbackend" "9120"
  4756                  running               WmiPrvSE.exe          C:\Windows\system32\wbem\                      
  4932                  running               postgres.exe                                "--forkbackend" "188"
  5316                  running               rundll32.exe                                C:\Windows\system32\newdev.dll,pDiDeviceInstallNotification \\.\pipe\PNP_Device_Install_Pipe_1.{c44e8ec2-2917-48ed-bda9-c0e987bb
  5400                  running               dwm.exe               C:\Windows\system32\                      
  5424                  running               explorer.exe          C:\Windows\                               
  5528                  running               postgres.exe                                "--forkbackend" "9212"
  5684                  running               postgres.exe                                "--forkbackend" "9120"
  5696                  running               vmtoolsd.exe          C:\Program Files\VMware\VMware Tools\  -n vmusr            
  5756                  running               ruby.exe              C:\tools\ruby23\bin\  bin/rails server    
  6036                  running               postgres.exe                                "--forkbackend" "188"
  6088                  running               msdtc.exe                                                       
  6124                  running               cmd.exe               C:\Windows\system32\                      
  6132                  running               conhost.exe           \??\C:\Windows\system32\                      

[*] Storage information:

  Description                   : ["C:\\ Label:Windows 2008R2  Serial Number 20fe4de9"]
  Device id                     : [#<SNMP::Integer:0x00007f57365acbe0 @value=1>]
  Filesystem type               : ["unknown"]
  Device unit                   : [#<SNMP::Integer:0x00007f57365b6f50 @value=4096>]
  Memory size                   : 60.00 GB
  Memory used                   : 16.03 GB

  Description                   : ["D:\\"]
  Device id                     : [#<SNMP::Integer:0x00007f57365d1fd0 @value=2>]
  Filesystem type               : ["unknown"]
  Device unit                   : [#<SNMP::Integer:0x00007f57365d4488 @value=0>]
  Memory size                   : 0 bytes
  Memory used                   : 0 bytes

  Description                   : ["Virtual Memory"]
  Device id                     : [#<SNMP::Integer:0x00007f57365fe288 @value=3>]
  Filesystem type               : ["unknown"]
  Device unit                   : [#<SNMP::Integer:0x00007f573660db20 @value=65536>]
  Memory size                   : 4.73 GB
  Memory used                   : 4.10 GB

  Description                   : ["Physical Memory"]
  Device id                     : [#<SNMP::Integer:0x00007f57362ffcf8 @value=4>]
  Filesystem type               : ["unknown"]
  Device unit                   : [#<SNMP::Integer:0x00007f57362fd890 @value=65536>]
  Memory size                   : 2.00 GB
  Memory used                   : 1.82 GB


[*] File system information:

  Index                         : 1
  Mount point                   : 
  Remote mount point            : -
  Access                        : 1
  Bootable                      : 1

[*] Device information:

  Id                    Type                  Status                Descr               
  1                     unknown               running               Unknown Processor Type
  2                     unknown               running               Unknown Processor Type
  3                     unknown               unknown               Software Loopback Interface 1
  4                     unknown               unknown               WAN Miniport (SSTP) 
  5                     unknown               unknown               WAN Miniport (L2TP) 
  6                     unknown               unknown               WAN Miniport (PPTP) 
  7                     unknown               unknown               WAN Miniport (PPPOE)
  8                     unknown               unknown               WAN Miniport (IPv6) 
  9                     unknown               unknown               WAN Miniport (Network Monitor)
  10                    unknown               unknown               WAN Miniport (IP)   
  11                    unknown               unknown               RAS Async Adapter   
  12                    unknown               unknown               WAN Miniport (IKEv2)
  13                    unknown               unknown               Intel(R) PRO/1000 MT Desktop Adapter
  14                    unknown               unknown               Microsoft ISATAP Adapter
  15                    unknown               unknown               Teredo Tunneling Pseudo-Interface
  16                    unknown               unknown               Intel(R) PRO/1000 MT Desktop Adapter #2
  17                    unknown               unknown               Microsoft ISATAP Adapter #2
  18                    unknown               unknown               Intel(R) PRO/1000 MT Network Connection
  19                    unknown               unknown               Intel(R) PRO/1000 MT Network Connection-QoS Packet Scheduler-000
  20                    unknown               unknown               Intel(R) PRO/1000 MT Network Connection-WFP LightWeight Filter-0
  21                    unknown               unknown               WAN Miniport (IPv6)-QoS Packet Scheduler-0000
  22                    unknown               unknown               WAN Miniport (IP)-QoS Packet Scheduler-0000
  23                    unknown               unknown               WAN Miniport (Network Monitor)-QoS Packet Scheduler-0000
  24                    unknown               unknown               D:\                 
  25                    unknown               running               Fixed Disk          
  26                    unknown               running               IBM enhanced (101- or 102-key) keyboard, Subtype=(0)

[*] Software components:

  Index                 Name                
  1                     7-Zip 16.04 (x64)   
  2                     Microsoft .NET Framework 4 Client Profile
  3                     Microsoft .NET Framework 4 Extended
  4                     OpenSSH for Windows 7.1p1-1 (remove only)
  5                     Oracle VM VirtualBox Guest Additions 5.1.22
  6                     Java 8 Update 131 (64-bit)
  7                     Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
  8                     Java SE Development Kit 8 Update 131 (64-bit)
  9                     Microsoft .NET Framework 4 Extended
  10                    VMware Tools        
  11                    Microsoft .NET Framework 4 Client Profile

[*] IIS server information:

  TotalBytesSentLowWord         : 1195448
  TotalBytesReceivedLowWord     : 4206
  TotalFilesSent                : 10
  CurrentAnonymousUsers         : 0
  CurrentNonAnonymousUsers      : 0
  TotalAnonymousUsers           : 0
  TotalNonAnonymousUsers        : 27
  MaxAnonymousUsers             : 0
  MaxNonAnonymousUsers          : 2
  CurrentConnections            : 0
  MaxConnections                : 0
  ConnectionAttempts            : 3
  LogonAttempts                 : 21
  Gets                          : 27
  Posts                         : 11
  Heads                         : 6
  Others                        : 2
  CGIRequests                   : 0
  BGIRequests                   : 0
  NotFoundErrors                : 0

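A wide range of information is exposed. Briefly:

[Figure 4] Server information

Information about the server itself

[Figure 5] Account information

Accounts that belong to the server

[Figure 6] Network information

Network information and network interface information

[Figure 7] Processes

Process information

[Figure 8] Storage information

Capacity information

In addition, TCP port information, UDP port information, network services, file system information, (physical) device information, installed software information and IIS server information are exposed.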


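Fix

The most effective fix is to upgrade the SNMP version.

SNMPv1 is a very weak version. The best approach is to upgrade to SNMPv3, but if that is not feasible, or if the weak point has to be patched quickly even as a temporary measure, the following method can be used.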

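[Figure 9] Fix 1

On the server, open Services.

[Figure 10] Fix 2

Find the SNMP Service and open its Properties.

[Figure 11] Fix 3

Open the Security tab; the problematic community name, public (highlighted in yellow), is listed there.

[Figure 12-1] Fix 4-1

[Figure 12-2] Fix 4-2

Change the community to a word other than public.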

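[Figure 13] Fixed!

snmp-check uses public as its default community value, so once the name has been changed it can no longer query the server.

[Figure 14] The fix defeated

Of course, if an attacker has learned the community name, the server can become vulnerable again.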
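Renaming the community only stops tools that assume the default: SNMPv1/v2c still carries the community name in cleartext in every datagram. The following added example (not part of the original post; the sample payloads and the community name n0tpubl1c are constructed) parses the SNMP message header from captured UDP payloads so that a defender can find agents still speaking v1/v2c or using a default community.

```python
"""Passive audit of captured SNMP UDP payloads for cleartext communities."""

VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}
PDU_TYPES = {
    0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
    0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest",
    0xA6: "InformRequest", 0xA7: "SNMPv2-Trap",
}
# Assumption of this example: the names treated as well-known defaults.
DEFAULT_COMMUNITIES = {"public", "private"}


def read_tlv(buf, pos):
    """Decode one BER tag-length-value element; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported or truncated length field")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    end = pos + length
    if end > len(buf):
        raise ValueError("value runs past the end of the datagram")
    return tag, buf[pos:end], end


def inspect_snmp(payload):
    """Return version, community, PDU type and findings for one datagram."""
    tag, body, _ = read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (outer SEQUENCE missing)")
    tag, raw_version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    version = VERSIONS.get(int.from_bytes(raw_version, "big"), "unknown")
    result = {"version": version, "community": None, "pdu": None, "findings": []}
    if version not in ("v1", "v2c"):
        return result  # SNMPv3 carries no community string in its header
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community OCTET STRING missing")
    pdu_tag, _, _ = read_tlv(body, pos)
    result["community"] = community.decode("ascii", "replace")
    result["pdu"] = PDU_TYPES.get(pdu_tag, hex(pdu_tag))
    # Any v1/v2c message exposes its community to whoever can see the packet.
    result["findings"].append("cleartext-community")
    if result["community"].lower() in DEFAULT_COMMUNITIES:
        result["findings"].append("default-community")
    if result["pdu"] == "SetRequest":
        result["findings"].append("write-request")
    return result


# Constructed sample payloads (not captured from the lab in this post).
_VARBINDS = "300e300c06082b060102010101000500"  # sysDescr.0 with a NULL value
SAMPLES = {
    "v1-public": bytes.fromhex("3026020100" "0406") + b"public"
    + bytes.fromhex("a019020101020100020100" + _VARBINDS),
    "v2c-renamed": bytes.fromhex("3029020101" "0409") + b"n0tpubl1c"
    + bytes.fromhex("a119020102020100020100" + _VARBINDS),
    "v3": bytes.fromhex(
        "303a020103" "300f02024a69020300ffe3040104020103"
        "0410300e0400020100020100040004000400"
        "301204000400a00c020237f00201000201003000"
    ),
}
SAMPLES["truncated"] = SAMPLES["v1-public"][:10]  # cut-off datagram


def audit(samples):
    """Inspect every payload; malformed ones are reported, not fatal."""
    report = {}
    for label, payload in samples.items():
        try:
            report[label] = inspect_snmp(payload)
        except ValueError as exc:
            report[label] = {"error": str(exc)}
    return report


if __name__ == "__main__":
    for label, result in audit(SAMPLES).items():
        print(label, "->", result)
```

The renamed v2c sample is still reported with its community name readable, which is why the post treats renaming as a temporary measure and SNMPv3 as the real fix.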

 

