Showing posts from June, 2022

NFS - Port 2049 Pentest

  might be available via RPC (port 111) as well.

# nmap
nmap --script=nfs-ls.nse,nfs-showmount.nse,nfs-statfs.nse 10.10.10.10 -Pn

#Check whether NFS is actually running; update the RPC program number as needed
rpcinfo -p 10.10.10.10
rpcinfo -n 2049 -t 10.10.10.10 100005

#List the available mountable shares
showmount -e 10.10.10.10

#Mount a drive
mkdir /tmp/new
mount -t nfs 10.10.10.10:/ /tmp/new -o nolock -o vers=3
or
mount -t nfs4 -o proto=tcp,port=2049 10.10.10.10:/home /tmp/new/

Note: if the requested NFS version or transport protocol is not supported, change the version (-o vers=3 or -o vers=2), or remove the version option entirely and let mount negotiate it. You can also add -o rw,vers=3

VOIP - SIP

 - SNMP is enabled on many VOIP devices; check for it

VOIP Protocols
 - H.323 - Can initiate, authenticate, and end a request.
 - Session Initiation Protocol (SIP) - ASCII protocol - request/response.
 - Real-Time Transport Protocol (RTP) - After connecting via VOIP, RTP is used
 - Secure Real-Time Transport Protocol (SRTP)

#Nmap
nmap -O -P0 10.10.10.0/23

#Ports
UDP/TCP - 5060 & 5061
#Cisco SCCP enabled ports
UDP/TCP - 2000-2001
#UDP or TCP - VXWORKS remote debugging
Port 17185

# cisco-audit-tool
CAT -h ip -p 2000 -w /usr/share/wordlists/rockyou.txt

# cisco-smart-install
https://github.com/Sab0tag3d/SIET/
sudo python siet.py -g -i 192.168.0.1

Enumeration
 - SIP - 'User Agent' & 'Server'
 - SIP phone extensions (usernames)
 - TFTP config files
 - SNMP config

Using Netcat
nc 10.10.10.10 5060
> OPTIONS sip:test@10.10.10.10 SIP/2.0

SNMP
snmpwalk -c public -v 10.10.10.10 1.3.6.1.4.1.6889

SIPVicious
Github
python3 setup.py install

#Scan a set of IPs concurrently
for ip