Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: nmap snmp scanning
From: Duarte Silva <duarte.silva () serializing me>
Date: Sun, 18 Dec 2011 18:19:55 +0000

Hello,

this is a very intial rewrite of the snmp-brute.nse script. As such, it 
needs loads of testing. Some stuff is still missing but I wanted some feedback.

Regards,
Duarte Silva

On Sunday 11 December 2011 20:29:07 Patrik Karlsson wrote:
On Sun, Dec 11, 2011 at 6:59 PM, Duarte Silva

<duarte.silva () serializing me>wrote:
On Tuesday 06 December 2011 19:59:34 Patrik Karlsson wrote:
If it can wait for the weekend, I will look into it.

Regards,
Duarte Silva

Cheers,
Patrik

Thanks Duarte, sounds good to me. What I saw during my brief look
was:
* nmap.fetchfile is used (limits the location of the communityfile)
* the result from nmap.fetchfile isn't checked
* there's no good way to return an error back to the action
function, if the file wasn't found

Cheers,
//Patrik

Hello,

I had a look at the script and I have some doubts about it. If the user
does
not supply the snmpcommunity (ant it isn't defined in the nmap.registry)
the
script will not run. But the script allows the user to supply a file
with a list of community strings to try out. Weird to say the least =P

If I ain't missing something I should remove that restriction and make
it
more
like, "supply a community string or a file containing community strings,
otherwize I will use my own file"?

Regards,
Duarte Silva

Hi Duarte,

The snmpcommunity registry thing looks strange, not sure why it's there,
but it seems to be the other way around, if it's defined, the script won't
run. I couldn't find any other scripts making use of that registry value,
so I guess that check could be removed.

I think your assessment is right, first check for a list of communities,
either as a string or file and then fallback to the default list. I had a
quick look over the script again and it currently works like this:
* if the passdb argument is supplied, this file is used as the community
list
* it then tries an alternative file supplied with the argument snmplist
* if the above two arguments are not used, it falls back to the file
nselib/data/snmpcommunities.lst

The problems I see are:
* if the files supplied by snmplist or passdb fail to open, the script
silently fails
* the script uses nmap.fetchfile for the snmplist file, which requires the
file to reside within nmap's directory structure

Cheers,
Patrik

Attachment: snmp-brute.patch
Description:

Attachment: smime.p7s
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault