Monitoring Processes via SNMP

foothold, enum, networking, snmp

Overview

An attacker can monitor a server's internal processes by querying SNMP remotely from the attacker's machine. The process listing may reveal juicy information such as passwords passed to scripts as arguments.

Steps

Run the following script. It writes a ${TIMESTAMP}.txt file to your current directory on every poll, and you can diff these files against each other to spot new or changed processes.

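#!/bin/bash

# Timestamp used for both the log line and the output file name
get_timestamp() {
  date +'%m-%d-%Y-%H-%M-%S'
}

while true; do
  ts="$(get_timestamp)"
  echo "[${ts}] Checking processes .."
  # Drop uptime lines and kworker threads: they change on every poll and only add noise to the diff
  snmp-check 10.10.10.241 -v1 | grep -Ev '(Uptime (snmp|system)|kworker)' > "${ts}.txt"
  sleep 10
done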

Alternatives

Walk the hrSWRunName column (1.3.6.1.2.1.25.4.2.1.2) of the process table directly with snmpwalk:

snmpwalk -c public -v 1 sneaky 1.3.6.1.2.1.25.4.2.1.2
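
The queries above only work when the agent's community configuration lets a remote v1/v2c client read the hrSWRun subtree. The following is an added example, not part of the original notes: a check for Net-SNMP `rocommunity`/`rwcommunity` lines that allow this. The sample configuration, community strings and addresses are constructed, and the function name is hypothetical.

```bash
#!/bin/bash
# Added example (not from the original page): flag Net-SNMP community lines
# that leave the hrSWRun subtree (1.3.6.1.2.1.25.4, the process list) readable.
# Directive syntax: rocommunity COMMUNITY [SOURCE [OID | -V VIEW]]

audit_snmpd_conf() {
  # Reads snmpd.conf from the files given as arguments, or from stdin.
  awk '
    $1 !~ /^r[ow]community6?$/ { next }   # only v1/v2c community directives
    {
      community = $2; source = $3; scope = $4; issues = ""
      hr = ".1.3.6.1.2.1.25.4."            # hrSWRun subtree, with trailing dot
      if (community == "public" || community == "private")
        issues = issues " default-community"
      if (source == "" || source == "default")
        issues = issues " any-source"
      if (scope == "") {
        issues = issues " whole-tree-readable"
      } else if (scope ~ /^\.?[0-9][0-9.]*$/) {
        s = scope "."
        if (s !~ /^\./) s = "." s
        # Exposed if the allowed subtree contains hrSWRun or lies inside it.
        if (index(hr, s) == 1 || index(s, hr) == 1)
          issues = issues " process-table-in-scope"
      }
      # "-V VIEW" and symbolic OIDs are not resolved here; review them by hand.
      if (issues != "") print "line " FNR ": " $1 ":" issues
    }
  ' "$@"
}

# Constructed sample configuration (assumed values, not from a real host).
SAMPLE_CONF='# constructed snmpd.conf
rocommunity public
rocommunity m0nit0r 10.0.5.0/24
rocommunity m0nit0r 10.0.5.7 .1.3.6.1.2.1.1
rocommunity m0nit0r default .1.3.6.1.2.1.25
rouser monitor authPriv'

printf '%s\n' "$SAMPLE_CONF" | audit_snmpd_conf
```

Lines that restrict both the source and the readable subtree (line 4 of the sample) produce no finding; the SNMPv3 `rouser` line is outside the scope of this check.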