Nmap Development mailing list archives

Re: [NSE] snmp-brute port to brute framework


From: Patrik Karlsson <patrik () cqure net>
Date: Wed, 13 Jul 2011 08:42:49 +0200


On Jul 13, 2011, at 1:15 AM, Gorjan Petrovski wrote:

Oh my God, it was a mistake. I replaced the snmp-brute by mistake! :-S
That's not even the best version I have. I'll put it back at once!
:)


I will take your patch in mind when I write the final snmp-brute. I
originally planned to use the old credentials plus the ones from the
datafiles/passwords.lst.

Ok, that sounds reasonable, but I think it could be further improved using a dedicated SNMP community list.
I imagine that there are other default or commonly used community strings, but maybe I'm wrong.


Btw, thanks for fixing the brute library. I noticed those too, but was
too concentrated on parallel probes with snmp to test them through and
read the code carefully.

No problem at all. I might end up doing some other changes, but I'll let you know.


About VirtualBox: I had the same problem. Maybe you can see the probes
from the host to the target by running tcpdump (or a similar packet
sniffer) on the target. However I don't think this is necessary since
the test script I sent you checks every response received if it
contains the community string used. Unless there is some way that
packets are duplicated or the pcap filter on nmap's side
malfunctioning, the script should work fine and count them all.

Well, the problem is that I see neither the probes nor the responses for some reason.
As the script uses pcap sockets to read the responses it always ends up getting 0 responses back.
I think this is something OS X specific and extremely annoying.

//Patrik

--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

