


Nmap Development: Re: [NSE Script] SNMPv1 system information & uptime

Re: [NSE Script] SNMPv1 system information & uptime

From: Brandon Enright <bmenrigh_at_ucsd.edu>
Date: Mon, 11 Jun 2007 20:03:01 +0000

Thomas,

The script looks great! I'm glad someone has tackled an NSE script
that uses SNMP. I started to write a few NSE scripts that were going to
use NSE but gave up because of the difficulty of using ASN.1 encoding to
build the packets.

You wrote "-- copied from packet capture of snmpget exchange" and then
defined the payload as a string of bytes. This works well for static OIDs
like SNMPv2-MIB::sysDescr.0 but doesn't work for OIDs that need to be
dynamically generated.

The solution is probably to build SNMP library bindings into NSE or offer
ASN.1 bindings. I spent several hours trying to get LuaSNMP
(http://luasnmp.luaforge.net/) working with NSE but got in over my head and
put the project aside.

I hope eventually SNMP bindings will be available *and* Eddie's traceroute
information will be exposed to NSE. I'm picturing NSE scripts that look up
the last hop for a host (typically the router) and query the ARP/CAM
tables for MAC address and other information. This could be done
efficiently and non-redundantly with creative use of the NSE Registry.

Don't get me wrong, this script looks great. I think it highlights one
current limitation of NSE though.

Brandon

On Mon, 11 Jun 2007 14:46:33 -0500
Thomas Buchanan <tbuchanan_at_thecompassgrp.net> wrote:

> Here's a nifty little script (at least I think so) that looks for SNMPv1
> systems that respond to "public" community string. It tries to get the
> SNMPv2-MIB::sysDescr.0 OID and prints it, and then gets the
> SNMPv2-MIB::sysUpTime.0 OID and calculates the uptime of the system.
>
> Example output:
>
> Windows 2003 Server:
>
> PORT STATE SERVICE
> 161/udp open snmp
> | SNMPv1: Hardware: x86 Family 15 Model 2 Stepping 9 AT/AT COMPATIBLE -
> Software: Windows Version 5.2 (Build 3790 Uniprocessor Free)
> |_ System uptime: 23 days, 15:3:15.89 (204139589 timeticks)
>
> Linux box w/net-snmp:
>
> PORT STATE SERVICE
> 161/udp open snmp
> | SNMPv1: Linux pengiun 2.6.19.7 #1 Mon Mar 5 11:00:47 CST 2007 i686
> |_ System uptime: 97 days, 19:12:35.6 (844995560 timeticks)
>
>
> HP Network printer:
>
> PORT STATE SERVICE
> 161/udp open snmp
> | SNMPv1: HP ETHERNET MULTI-ENVIRONMENT,ROM
> B.25.01,JETDIRECT,JD116,EEPROM B.25.31,CIDATE 07/23/2003
> |_ System uptime: 15 days, 2:58:0.1 (130668010 timeticks)
>
>
> Hopefully other people find this useful.
>
> Thomas

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Received on Jun 11 2007
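
The limitation raised above (a captured byte string works for SNMPv2-MIB::sysDescr.0 but not for OIDs built at run time), as an added example that is not code from the post, the script under discussion, or Nmap: a small BER encoder in Lua that builds an SNMPv1 GetRequest for any dotted OID. The helper names, the ifIndex value and the 192.0.2.10 address are assumptions made for illustration.

```lua
-- Added example; helper names are hypothetical, not NSE API. Runs on Lua 5.1+.
local function ber_len(n)                    -- short form below 128, else long form
  if n < 128 then return string.char(n) end
  local b = ""
  while n > 0 do b = string.char(n % 256) .. b; n = math.floor(n / 256) end
  return string.char(128 + #b) .. b
end
local function tlv(tag, value)               -- tag, length, value
  return string.char(tag) .. ber_len(#value) .. value
end
local function ber_int(n)                    -- non-negative INTEGER only
  local b = ""
  repeat b = string.char(n % 256) .. b; n = math.floor(n / 256) until n == 0
  if b:byte(1) >= 128 then b = "\0" .. b end -- keep the sign bit clear
  return tlv(0x02, b)
end
local function ber_oid(dotted)
  local arcs = {}
  for a in dotted:gmatch("%d+") do arcs[#arcs + 1] = tonumber(a) end
  assert(#arcs >= 2 and arcs[1] <= 2 and (arcs[1] == 2 or arcs[2] < 40), "bad OID")
  local subids = { arcs[1] * 40 + arcs[2] }  -- first two arcs share one sub-identifier
  for i = 3, #arcs do subids[#subids + 1] = arcs[i] end
  local out = {}
  for _, subid in ipairs(subids) do
    local n, chunk = subid, ""
    repeat                                   -- base 128, high bit set on all but the last byte
      local byte = n % 128
      if chunk ~= "" then byte = byte + 128 end
      chunk = string.char(byte) .. chunk
      n = math.floor(n / 128)
    until n == 0
    out[#out + 1] = chunk
  end
  return tlv(0x06, table.concat(out))
end

local function snmpv1_get(community, oid, request_id)
  local varbind = tlv(0x30, ber_oid(oid) .. tlv(0x05, ""))    -- name plus NULL value
  local pdu = tlv(0xA0, ber_int(request_id) .. ber_int(0) .. ber_int(0)
                        .. tlv(0x30, varbind))                -- GetRequest-PDU
  return tlv(0x30, ber_int(0) .. tlv(0x04, community) .. pdu) -- version 0 is SNMPv1
end
local function hex(s)
  return (s:gsub(".", function(c) return string.format("%02x ", c:byte()) end))
end

print(hex(snmpv1_get("public", "1.3.6.1.2.1.1.1.0", 1)))      -- SNMPv2-MIB::sysDescr.0
-- Constructed index: ipNetToMediaPhysAddress for ifIndex 2, address 192.0.2.10.
print(hex(snmpv1_get("public", "1.3.6.1.2.1.4.22.1.2.2.192.0.2.10", 2)))
```

The second request shows why a fixed payload falls short: the arc 192 needs two bytes, so both the OID length and every enclosing length field change with the index.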