Sunday 9 April 2017

Default Credentials Vulnerability : Attacking Network - Network Pentesting






Hello reader. We have talked a lot about web hacking, and today I decided to blog about some interesting things in attacking networks: network pentesting.

For your information, for demonstration purposes I am using a Vyatta VM, which you can also download from http://packages.vyos.net/iso/release/1.1.7/

Today we will look at a common mistake many admins make: keeping the default configuration, or in other words, keeping the default credentials.

So we have a target machine on 192.168.131.135 and our attacking machine on 192.168.131.134.

Let's do an Nmap service scan on our target machine.

nmap -sV 192.168.131.135 



So we got some information: ports 22, 23, 80 and 443 are open.
Of all these ports, 22 and 23 look interesting to us, and it is possible that the credentials for those services are still the defaults.


By Googling "VyOS telnetd 1.14.0 or later" we found that the default username for this service is "vyos" and the default password is "vyos". Let's give this a try.


Voilà, we logged into the service using the default credentials found on the net.

Okay, that's fine. But what about UDP? Yes, in every network pentest we should also scan the UDP ports.

So in our case, let's do a UDP-based scan.

nmap -sU -p 161 -sV 192.168.131.135

[I specified the port with -p 161, which is commonly used for the SNMP service; if you want to do a full scan you can use -p- instead.]



Yes, we found an SNMP service running on port 161. SNMP is the Simple Network Management Protocol, which is used to manage network devices, printers, hubs, etc.


Now, what are the default credentials for this service? We don't know. In this case we can let Nmap's NSE scripts do the job for us.
We add -sC to our scan, which runs the default set of NSE scripts against our target machine.

nmap -sU -p 161 -sV -sC 192.168.131.135

If SNMP is running with the default "public" settings, Nmap will show a certain amount of information about the SNMP service.
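An administrator can save the same scan of their own network with -oX and check the report for these two default-configuration findings automatically. The Python below is an added example, not part of the original post: the XML sample and the second host are constructed, the function name audit and the finding labels are hypothetical, and it assumes the scan was run without an snmpcommunity script argument, so any snmp-* script output means the device answered to "public".

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -oX` output (not the post's real scan results).
# 192.168.131.140 is an invented second host that gave no SNMP reply.
SAMPLE_XML = """<nmaprun>
<host><address addr="192.168.131.135" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
<port protocol="udp" portid="161"><state state="open"/><service name="snmp"/>
<script id="snmp-sysdescr" output="constructed sysDescr text"/></port>
</ports></host>
<host><address addr="192.168.131.140" addrtype="ipv4"/><ports>
<port protocol="udp" portid="161"><state state="open|filtered"/><service name="snmp"/></port>
</ports></host>
</nmaprun>"""


def audit(xml_text):
    """Return sorted (address, finding) tuples for default-configuration exposure."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "unknown"
        for port in host.iter("port"):
            state = port.find("state")
            # "open|filtered" means no reply was received, so it is not a finding.
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            name = svc.get("name") if svc is not None else ""
            if name == "telnet":
                # Cleartext login service: confirm the factory password was changed.
                findings.append((addr, "telnet-exposed"))
            scripts = [s.get("id", "") for s in port.findall("script")]
            if name == "snmp" and any(i.startswith("snmp-") for i in scripts):
                # NSE SNMP scripts returned data, so the default community was accepted.
                findings.append((addr, "snmp-default-community"))
    return sorted(findings)


if __name__ == "__main__":
    for addr, finding in audit(SAMPLE_XML):
        print(addr, finding)
```

Each flagged host needs its SNMP community string changed or the service restricted, and its telnet login checked against the vendor's factory credentials.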



So, that was a short post about default credentials. In the next one we will see how to brute force various services like SSH, SNMP, etc.












