数学建模社区-数学中国

标题: 对中国先锋网络科技基于SNMP的信息刺探 [打印本页]

作者: 韩冰 时间: 2004-10-5 08:56
标题: 对中国先锋网络科技基于SNMP的信息刺探

作者： Net2k 来自：流星轨迹

对中国先锋网络科技基于SNMP的信息刺探

得到系统正在运行的程序信息： / L1 K# j$ ?1 v: \5 Y8 \------------------------------------------------------------! C; O2 r0 Z! T9 f0 F1 K# L% X Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1 ( B9 J! t/ @. ~) e8 t4 RValue = String System Idle Process

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.8 : K7 S% a* n. j$ q% B4 EValue = String System

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.172) Z$ F; T/ U: g; G Value = String smss.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.196% e; G4 p" v# Z W Value = String winlogon.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.2006 q: Q- v6 _( X* W9 x! ]' C4 i Value = String csrss.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.248 , r0 ^ _' p9 O# g* XValue = String services.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.260 / e+ N" ^( l/ ~( x: O; T3 CValue = String lsass.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.296 0 T `; T. d% H# w" a# L# BValue = String wuauclt.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.4561 ~4 x$ {6 h( G. L4 K Value = String svchost.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.496; t- m. i9 \. K0 Y Value = String spoolsv.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.524 4 j& j3 c+ m* S) ]3 O" K5 W7 gValue = String msdtc.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.656 ( y5 B U. z2 h/ r, z8 QValue = String DefWatch.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.6760 `. M8 f" x. V! D' e Value = String tcpsvcs.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.692+ c& u/ U+ \: ~* M& Y- e Value = String svchost.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.720! s4 S+ R5 r! ~8 P0 e4 a Value = String llssrv.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.764 4 ?6 C, ]- V$ G1 n6 j8 xValue = String Rtvscan.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.872. w, i, h8 g! C5 `4 O9 I; _ Value = String hlds.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.9247 z5 N) U$ F8 Y. R Value = String nvsvc32.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.992 `, Q$ {5 e" _7 J, | Z' Z Value = String Explorer.EXE

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1000$ J- g8 Q- [3 w3 [9 l Value = String regsvc.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1032 i0 o7 y& S9 u/ G2 ? Value = String MSTask.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.10729 \; y/ Z+ T# R2 a& r Value = String snmp.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1092% F& i4 m. b0 J/ R) L Value = String ServUDaemon.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1104 B9 R; D" D5 d% m, L! |5 [3 l/ M( JValue = String SMAgent.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1140 & q+ H6 E* z2 `: \* C/ x- nValue = String WinMgmt.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1164 : Z' y$ u1 t2 P( z8 `; K( N! nValue = String wins.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1176 ( I% y J1 z% o* l% j5 [Value = String svchost.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1196. I. ]/ ]5 n* e0 A1 U/ |) V9 M Value = String xconfserver_t.e

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1228 0 c) E" v0 ^6 |' F1 gValue = String Dfssvc.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.12481 `4 g7 O' |, [- v' d o4 l Value = String inetinfo.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1348 ' @2 t j* U ]$ W4 S+ _3 I8 _Value = String dns.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1568 7 y. r: t6 ]2 K( {3 p1 M" CValue = String vptray.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1580, I+ l9 f" N$ }# x8 { Value = String internat.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1844$ l& v V, u- t2 M* h* B Value = String dllhost.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.1952% I* Z# {. B& l U$ ? o8 O Value = String dllhost.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.2060, E+ l# @5 |6 w y Value = String mdm.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.2144 * m& m2 s3 i' KValue = String conime.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.2216 1 {5 {$ I# k9 Z5 `1 X& ]Value = String hlds.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.2336 1 m. I+ W8 b; x3 ] a8 B {Value = String hlds.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.2348) Q3 ~& L4 m; b' {" \9 `7 o3 S Value = String svchost.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.2424, \3 p1 d! I5 } k# z Value = String hlds.exe

Variable = host.hrSWRun.hrSWRunTable.hrSWRunEntry.hrSWRunName.2460 1 r# k1 e( v7 V! i" n9 d1 [3 TValue = String hlds.exe

End of MIB subtree. & @1 S9 r2 z8 o) } l; l$ z------------------------------------------------------------

得到系统信息:) J) J1 M, M6 M" N- o- Q; f ------------------------------------------------------------, s; }% ^! ]- }* X. Z; U0 C- u Variable = system.sysDescr.0$ I( K/ [4 d5 u$ I8 I0 z+ i Value = String Hardware: x86 Family 15 Model 2 Stepping 9 AT/AT COMPATIBLE -+ O) W) M! z, ~. P' o) _& W Software: Windows 2000 Version 5.0 (Build 2195 Multiprocessor Free)

Variable = system.sysObjectID.0 / Y D7 e- O6 Z" u9 O& ~4 uValue = ObjectID 1.3.6.1.4.1.311.1.1.3.1.2

Variable = system.sysUpTime.0 * x0 o G: H5 l/ F. q: H! r7 I$ G, JValue = TimeTicks 24725698

Variable = system.sysContact.0" y7 l! w$ C/ z Value = String

Variable = system.sysName.0. \; {6 @; S! ?% L Value = String XIAOTOU

Variable = system.sysLocation.0 5 y! H# ^! H1 ]" b4 i) y* EValue = String

Variable = system.sysServices.0* m W& P, @( O* m Value = Integer32 76

End of MIB subtree. - d$ J' o2 k& D1 E; v& n------------------------------------------------------------

------------------------------------------------------------) c" ?/ _" s5 ~$ Z I: m1 L# W 关于snmputil的语法： ) X; g( q2 |2 v+ p) H------------------------------------------------------------$ {) v2 @ C' h% {8 ?8 G7 T5 r get，就理解成获取一个信息。

getnext，就理解成获取下一个信息。

walk，就理解成获取一堆信息（嗯，应该说所有数据库子树/子目录的信息）

agent，具体某台机器拉。

community，嗯就是那个“community strings”“查询密码”拉。

oid，这个要多说一下，这个呢，就是物件识别代码（Object Identifier）。 z/ X* I; h1 P3 ~+ A( |" L* ]0 S............................................................

例： & Q+ B9 E( k8 e+ c( Msnmputil.exe walk 对方IP public .1.3.6.1.2.1.25.4.2.1.2 //**进程列表$ Z$ ^* p* V, [) Z4 v snmputil.exe walk 对方IP public .1.3.6.1.4.77.1.2.25.1.1 //**用户列表 , N4 I0 W. k! A% |; r+ Asnmputil.exe get 对方IP public .1.3.6.1.4.77.1.4.1.0 //**域名 0 G, o5 H" i- ~snmputil.exe walk 对方IP public .1.3.6.1.2.1.25.6.3.1.2 //**安装的软件 5 S3 f8 P9 l% @' b ]snmputil.exe walk 对方IP public .1.3.6.1.2.1.1 //**系统信息

欢迎光临数学建模社区-数学中国 (http://www.madio.net/)