Differences

This shows you the differences between two versions of the page.

--- method_2_recon [2022/12/31 00:24] – [[1] OSInt] gman
+++ method_2_recon [2022/12/31 22:10] (current) – [SMTP] gman
@@ Line 87: / Line 87: @@
   * This will dump all the metadata into Metadata Summary and Document Analysis
   * Have fun!
+===== Routing Info =====
+Routing information is network information, and you can find it in public BGP((Border Gateway Protocol)) route information servers called BGP Looking Glasses.
+  * You can find a list of them here: [[https://www.bgp4.as/looking-glasses | bgp4]]
 ----
@@ Line 248: / Line 253: @@
 Example syntax: ''dnsenum --enum google.com''
+===== SMTP =====
+**Simple Mail Transfer Protocol (SMTP):** A vintage email sending protocol.
+  * No much built in security.
+  * Runs on port 25.
+You can gather info on SMTP by telnetting to the service port (25) and grabbing the banner information and then using [[https://cr.yp.to/smtp/vrfy.html |VRFY and/or EXPN]] to gather more info. Example sytax:
+<code>
+telnet example.server.com 25
+# once connected, type:
+VRFY [username]
+# or
+EXPN [user_alias]
+</code>
+**Exploits:** SMTP exploits are usually associated with a vulnerable version.
+  * Connect (by telnet). Grab banner info (VRFY, EXPN).
+  * This should give you a clue as to the SMTP version on your target.
+===== SNMP =====
+You can use SNMP to gather information on a system //**if**// you have access to the system //**and**// you know the "read" community string (which is often: ''public'').
+**Tools:**
+  - [[https://www.kali.org/tools/snmpenum/ | snmpenum]]
+  - [[http://www.net-snmp.org/wiki/index.php/Snmpwalk | snmpwalk]]
+<code>
+# Example syntax for snmpwalk, assuming 'public' as the community string
+snmpwalk -c public -v1 192.168.1.1
+</code>
 ----