Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: nmap snmp scanning
From: Duarte Silva <duarte.silva () serializing me>
Date: Tue, 6 Dec 2011 18:04:24 +0000

On Tuesday 06 December 2011 17:49:59 Patrik Karlsson wrote:
On Tue, Dec 6, 2011 at 4:20 PM, Kent Hundley <khundley () opnet com> wrote:
David,

Thanks much, you hit the nail on the head. For some reason, nmap was not
using the file I was supplying with the snmp community strings. I tried
using the snmp-brute script option and I noticed that if I supplied the
snmpcommunities file option, nmap kept just using some default values.
Looking at the snmp-brute.nse file, I found a section that specified a
list of default communities to use and just substituted the string I
wanted for one of the defaults and lo and behold the scan told me which
string was in use.

After trying this I then went back and re-created the snmpcommunities.lst
file in the root of the nmap dir and suddenly it started working. I'm not
sure what the issue was originally, but its working now. For completeness
and to help anyone else who has this issue, here is the exact command
that is working now, the "snmpcommunities.lst" file is in the same dir
as the nmap.exe (this is on Windows BTW):

C:\Program Files (x86)\Nmap>type snmpcommunities.lst
test

C:\Program Files (x86)\Nmap>nmap -sU -p161 --script snmp-brute
192.168.200.2 --s
cript-args snmplist=snmpcommunities.lst

Starting Nmap 5.51 ( http://nmap.org ) at 2011-12-06 09:42 Eastern
Standard Time

Nmap scan report for 192.168.200.2
Host is up (0.012s latency).

PORT    STATE SERVICE
161/udp open  snmp

|_snmp-brute: test

MAC Address: CC:02:1B:80:00:00 (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 2.35 seconds

C:\Program Files (x86)\Nmap>


Thanks,
Kent

Hi Kent,

Thanks for this write-up, it lead me to looking into the snmp-brute script.
There's actually a bug in the script that doesn't allow the file containing
the list of communities to reside outside of nmap's directory
structure. Also, the script fails to properly check and report back if it
did not successfully open the file, making it a bit difficult to track down
this bug.

If someone has the time to look into this please do and let the list know,
otherwise I will, eventually.

If it can wait for the weekend, I will look into it.

Regards,
Duarte Silva


Cheers,
Patrik

Attachment: smime.p7s
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]