
Nmap Development mailing list archives

Re: [NSE] snmp-ios-config - Config grabber
From: Patrik Karlsson <patrik () cqure net>
Date: Tue, 18 Jan 2011 20:37:40 +0100

On 18 jan 2011, at 19.55, David Fifield wrote:

> On Tue, Jan 18, 2011 at 01:57:36AM +0530, Vikas Singhal wrote:
>> Thanks Patrik. Sorry for the late reply..
>>
>> I have incorporated the patch you mentioned. You are right.. some IOS (may
>> be old ones) require the *5* for Copy operation
>> but the newer ones can work with IP address as "string" for tftpserver on
>> mib .*16* .
>>
>> I have also done some verbose error throwing, e.g. if the community string is
>> incorrect etc.
>>
>> As Fred mentioned.. we need 2 more things.. 1) Spoofing your ip to bypass
>> the SNMP access list and 2) TFTP Server in-built (asked by David as well).
>>
>> 1) I tried using the nmap Spoof function using -S option, it sends the first
>> packet spoofed but subsequent packets are sent from the real address, any
>> 2) Will leave it for future enhancement as of now!
>>
>> Nonetheless, the patched and tested script is attached for more testing! :)
>
> So, Cisco SNMP-using users, is this a script that you will use?
> I want to know if this is generally useful enough to include with Nmap,
> or if there will be few enough users that it's better to just grab it
> from the mailing list. Would you use it even if you have to set up a
> TFTP server, or would you only use it if Nmap could automatically
> collect the TFTP replies?
>
> David Fifield

Personally I think it could be usable from a security testing perspective.
Although setting up a TFTP server is not a show-stopper for me, I would prefer being able to simply run the script and get the results back as usual.
I found it annoying enough to write the TFTP server implementation doing exactly this :)

Patrik Karlsson

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
