Penetration Testing: RE: NT snmp

RE: NT snmp

From: <adam_at_jaftan.com.au>
Date: Tue, 7 Aug 2001 08:45:29 +1000

> :Target is an NT4 box with snmp setup with "Read/Create" permissions on one
> :of the communities. I need to demonstrate that this is a bad idea, so I'm
> :looking for a tool that will spoof the source address (to 127.0.0.1) and
> :send an snmp set. Any suggestions?
>
> snmpwalk the following for useful information for further
> compromising the machine.

Can't be done easily as they have "Accept SNMP traps from these hosts" set.
That's why I'm looking for a SNMP set DoS, which will work with a spoofed
address rather than reads which are useless without a reply. I'm not local
so I can't sniff.

> I haven't examined the NT write mib, but I'm sure there
> is a wonderland of exquisite horrors awaiting us in there.

Setting .1.3.6.1.2.1.2.2.1.7.x (where x is the interface number) to 2 turns
off the interface ;-) All I need is a tool to spoof the source address. Could
I write such a tool with Perl? (even if I suck at Perl?)

Adam

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Aug 07 2001
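
Added example, not part of the original message or the thread: a monitoring-side check in Python that decodes an SNMPv1/v2c payload and reports SetRequests that write ifAdminStatus (the .1.3.6.1.2.1.2.2.1.7.x OID discussed above), noting whether the packet claims a loopback source. The function names, the community string "private" and the sample packet are constructed for illustration.

```python
import ipaddress

IF_ADMIN_STATUS = (1, 3, 6, 1, 2, 1, 2, 2, 1, 7)  # ifAdminStatus; the next arc is ifIndex
SET_REQUEST = 0xA3                                 # BER tag of the SetRequest PDU

def read_tlv(buf, pos):  # one BER element -> (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long form: low 7 bits = length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def children(data):  # contents of a constructed element -> [(tag, value), ...]
    pos, out = 0, []
    while pos < len(data):
        tag, value, pos = read_tlv(data, pos)
        out.append((tag, value))
    return out

def decode_oid(data):
    arcs, acc = [data[0] // 40, data[0] % 40], 0
    for byte in data[1:]:
        acc = (acc << 7) | (byte & 0x7F)           # base-128, high bit means "more"
        if not byte & 0x80:
            arcs, acc = arcs + [acc], 0
    return tuple(arcs)

def admin_status_sets(src_ip, payload):  # payload = one UDP/161 datagram
    _, message, _ = read_tlv(payload, 0)
    _version, (_, community), (pdu_tag, pdu) = children(message)[:3]
    if pdu_tag != SET_REQUEST:
        return []
    findings = []
    for _, varbind in children(children(pdu)[3][1]):   # 4th PDU field is the varbind list
        (_, oid_raw), (value_tag, raw) = children(varbind)[:2]
        oid = decode_oid(oid_raw)
        if oid[:-1] == IF_ADMIN_STATUS and value_tag == 0x02:   # INTEGER value
            findings.append({"if_index": oid[-1], "community": community.decode("ascii", "replace"),
                             "new_status": int.from_bytes(raw, "big", signed=True),  # 2 = down
                             "loopback_source": ipaddress.ip_address(src_ip).is_loopback})
    return findings

# Constructed sample: SNMPv1 SetRequest, community "private", ifAdminStatus.1 = 2
SAMPLE = bytes.fromhex("302a 020100 0407 70726976617465 a31c 020101 020100 020100"
                       "3011 300f 060a 2b060102010202010701 020102")
```

A datagram arriving on a network interface with a 127.0.0.0/8 source is a martian and can be dropped at the border or host firewall; a finding with `loopback_source` set means that filtering is missing.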
