Nmap Development mailing list archives

Re: Huawei/H3C Local User enumeration script


From: David Fifield <david () bamsoftware com>
Date: Wed, 24 Oct 2012 20:34:51 -0700

On Tue, Oct 23, 2012 at 11:43:52AM -0700, Kurt Grutzmacher wrote:
> I've released an NSE script that will enumerate locally defined users
> from any Huawei or HP/H3C device that you have a read-only community
> string for (read-write required if using HP code updated yesterday).
>
> It's attached and latest revisions can be found at
> https://github.com/grutz/h3c-pt-tools/blob/master/nmap/snmp-hh3c-logins.nse
>
> Most equipment I've checked supports the OLD style MIB OID (2011.10) but
> going further I'd like to modify the script to support both the NEW and
> OLD. So far it only really works with the OLD.

Thanks for this script. Is this related to a recently disclosed
vulnerability? If so, can you expand the description with some links to
it and a description of how the enumeration works?

I don't see where the script accepts a community string. You say the
script needs a read-only or read-write community string; how does the
user get one?

In this output:

|   admin
|     admin
|   h3c
|_    h3capadmin

What are the first "admin" and "h3c", and what are the second "admin"
and "h3capadmin"? Are they group names or something?

It would probably be better to use structured output than
stdnse.format_output for this script. Make your process_answer function
return a nice semantic table with labeled fields; then just return it.
http://nmap.org/book/nse-api.html#nse-structured-output

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

