On Wed, Dec 28, 2011 at 11:00 AM, Patrik Karlsson <patrik () cqure net> wrote:
Make sure to check out the latest snmp-brute that was committed a few days
Looking at it now. Looks like it's just changes to the community string DB
reader, so I'll try to get that merged in with my own code.
At first I thought: wouldn't you achieve this by putting these 7-8
community strings in a community dictionary file (snmp-brute.communitiesdb)
and running snmp-brute and whatever other snmp script you would like output
from? As all snmp scripts should depend on snmp-brute it should find the
proper string and have it for the other scripts running once it finishes.
Besides the thing below, there's another problem: snmp-brute, and in fact,
probably most of the brute scripts, don't appear to be "thread safe".
We're talking when Nmap executes 128 brute scripts for 128 hosts. The
sending of packets appears to work just fine. However, when a host-specific
receiver thread tells pcap that it needs to find a specific packet from its
host, Pcap will happily discard all of the good responses from every other
host until it has found the right packet for the host that this single
thread is worried about.
There's no real way of fixing this via Lua. The script is just executing
code similar to this:
pcap:pcap_open(host.interface, 104, false, "src host " .. host.ip .. " and udp and port " .. port.number)
-- Yay, mass discards!
local status, plen, l2, l3, _ = pcap:pcap_receive()