Re: Bug in snmp-brute in nmap

[Daniel Miller <bonsaiviking () gmail com>]

Roberto,

One of our Google Summer of Code interns, Gio, recently upgraded the
snmp-brute script and vastly improved it. His changes are not in 6.49BETA2,
so it is possible that he fixed this bug, too. If so, we could probably get
his changes into the next release.

Can you please build the latest development version of Nmap [1] and let us
know if you still have the problem? Obrigado!

Dan

[1] https://nmap.org/book/install.html#inst-svn

On Fri, Jun 19, 2015 at 8:38 AM, Roberto Greiner <roberto () nead unesp br>
wrote:

> Hi,
>
> I'm having a problem with snmp-brute plugin. When I scan a network range
> (say 10.0.0.0/24), I'm getting an output like this for most of the hits:
> Nmap scan report for server.domain (10.0.0.5)
> Host is up (-0.076s latency).
> PORT    STATE SERVICE
> 161/udp open  snmp
> | snmp-brute:
> |   my_community - Valid credentials
> |   my_community - Valid credentials
> |   my_community - Valid credentials
> |   my_community - Valid credentials
> |   my_community - Valid credentials
> |   my_community - Valid credentials
> |   my_community - Valid credentials
> |   my_community - Valid credentials
> |   my_community - Valid credentials
> |   my_community - Valid credentials
> |   my_community - Valid credentials
> |   my_community - Valid credentials
> |   my_community - Valid credentials
> |   my_community - Valid credentials
> |   my_community - Valid credentials
> |   my_community - Valid credentials
> |   my_community - Valid credentials
> |   my_community - Valid credentials
> |_  my_community - Valid credentials
> MAC Address: A0:B3:CC:F0:978:BC (Hewlett Packard)
>
> The community is correct, but obviously there is some logic bug. When I
> scan a single IP, two different things happen. With nmap 6.47, I get a
> correct output:
> Nmap scan report for server.domain (10.0.0.5)
> Host is up (-0.076s latency).
> PORT    STATE SERVICE
> 161/udp open  snmp
> | snmp-brute:
> |_  my_community - Valid credentials
>
>
> In another server, with nmap6.49Beta2, I get the following output in
> most cases:
> Nmap scan report for server.domain (10.0.0.5)
> Host is up (-0.076s latency).
> PORT    STATE SERVICE
> 161/udp open  snmp
> MAC Address: A0:B3:CC:F0:978:BC (Hewlett Packard)
>
> So, in nmap 6.49Beta2, something seems to have broken snmp-brute. In a
> few cases, I do get the proper response, but I didn't get why this is so.
>
> In all cases, all servers and targets are in the same L2 LAN, nothing is
> blocking communication (I get a proper response with snmpwalk), servers
> and targets are up-to-date Debian 7 installs. Version information for my
> nmap installs:
> Nmap version 6.47 ( http://nmap.org )
> Platform: x86_64-unknown-linux-gnu
> Compiled with: nmap-liblua-5.2.3 openssl-1.0.1e nmap-libpcre-7.6
> nmap-libpcap-1.2.1 nmap-libdnet-1.12 ipv6
> Compiled without:
> Available nsock engines: epoll poll select
>
> Nmap version 6.49BETA2 ( http://nmap.org )
> Platform: x86_64-unknown-linux-gnu
> Compiled with: nmap-liblua-5.2.3 openssl-1.0.1e libpcre-8.30
> nmap-libpcap-1.7.3 nmap-libdnet-1.12 ipv6
> Compiled without:
> Available nsock engines: epoll poll select
>
> In both cases I'm using compiled versions of nmap , not packaged versions.
>
> Thank you,
>
> Roberto Greiner
>
> --
>   -----------------------------------------------------
>                 Marcos Roberto Greiner
>
>    Os otimistas acham que estamos no melhor dos mundos
>     Os pessimistas tem medo de que isto seja verdade
>                                   James Branch Cabell
>   -----------------------------------------------------
>
>
> _______________________________________________
> Sent through the dev mailing list
> https://nmap.org/mailman/listinfo/dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/