Nmap Development mailing list archives

Re: [NSE] snmp-brute port to brute framework


From: Gorjan Petrovski <mogi57 () gmail com>
Date: Sun, 17 Jul 2011 18:51:38 +0200

I've finished the snmp-brute script. I decided to add a new file:
nselib/data/snmpcommunities.lst in which we could add more snmp
community strings. It is used in the script in conjunction with the
passwords.lst wordlist. I also needed to make changes to the unpwdb
making the limited_iterator function global in order to be used with
the snmp-brute script.

This script opens a sending socket and a sniffing pcap socket in parallel
threads. The sending socket sends the SNMP probes with the community strings,
while the pcap socket sniffs the network for an answer to the probes. If
valid community strings are found, they are added to the creds database and
reported in the output.

The default wordlists used to bruteforce the SNMP community strings are
<code>nselib/data/snmpcommunities.lst</code> and
<code>nselib/data/passwords.lst</code>. If the <code>passdb</code> or
<code>snmplist</code> argument is specified, that one is used as the wordlist.
The <code>passdb</code> argument has precedence over <code>snmplist</code>.

No output is reported if no valid account is found.

-- 2008-07-03 Philip Pickering, basic version
-- 2011-07-17 Gorjan Petrovski, Patrik Karlsson, optimization and creds
--            accounts, rejected use of the brute library because of
--            implementation using unconnected sockets.

---
-- @usage
-- nmap -sU --script snmp-brute <target> [--script-args [ passdb=<wordlist> | snmplist=<wordlist> ]]
--
-- @args snmpcommunity The SNMP community string to use. If it's supplied, this
-- script will not run.
-- @args snmplist The filename of a list of community strings to try.
--
-- @output
-- PORT    STATE SERVICE
-- 161/udp open  snmp
-- | snmp-brute:
-- |   dragon - Account is valid
-- |_  jordan - Account is valid


Cheers,
Gorjan

Attachment: unpwdb.patch

Attachment: snmp-brute.nse

Attachment: snmpcommunities.lst

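The message above describes probes that each carry a candidate community string, so the same traffic is visible to a defender watching UDP port 161. The following is an added example, not part of the original post or of snmp-brute.nse: it parses the SNMPv1/v2c header of captured datagrams and flags sources that try many distinct communities. The function names, the threshold, and the sample addresses and datagrams (header fields plus an empty PDU placeholder) are constructed for illustration.

```python
from collections import defaultdict

def _tlv(buf, pos):
    """Read one BER TLV at pos and return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def snmp_community(payload):
    """Return the community of an SNMPv1/v2c message, or None if it is not one."""
    try:
        tag, body, _ = _tlv(payload, 0)
        if tag != 0x30:  # outer SEQUENCE
            return None
        tag, version, pos = _tlv(body, 0)
        if tag != 0x02 or version not in (b"\x00", b"\x01"):  # v1=0, v2c=1
            return None
        tag, community, _ = _tlv(body, pos)
        return community if tag == 0x04 else None  # OCTET STRING
    except (IndexError, ValueError):
        return None

def guessing_sources(datagrams, threshold=3):
    """Map each source IP that tried >= threshold distinct communities to that count."""
    seen = defaultdict(set)
    for src, payload in datagrams:
        community = snmp_community(payload)
        if community is not None:
            seen[src].add(community)
    return {src: len(c) for src, c in seen.items() if len(c) >= threshold}

def sample_datagram(community):
    # Constructed test datagram: version 0, community, empty PDU placeholder.
    inner = b"\x02\x01\x00" + bytes([0x04, len(community)]) + community + b"\xa0\x00"
    return bytes([0x30, len(inner)]) + inner

# Constructed traffic: one source cycling through a wordlist, one poller, one junk packet.
SAMPLE = [("192.0.2.10", sample_datagram(c)) for c in (b"public", b"private", b"dragon", b"jordan")]
SAMPLE += [("192.0.2.20", sample_datagram(b"public"))] * 5 + [("192.0.2.30", b"\x30\x82")]

if __name__ == "__main__":
    print(guessing_sources(SAMPLE))
```

A legitimate poller repeats one community, so counting distinct values per source separates it from wordlist guessing regardless of packet volume.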