Penetration Testing mailing list archives
Re: snmp vulnerablities
From: H Carvey <keydet89 () yahoo com>
Date: 14 Jul 2001 13:50:18 -0000
Hi there. how do you exploit or gain access
from vulnerable host using snmp vulnerablities. I've tried to used this command but its not work :
I'm not sure why you would try sending 'echo' commands to the SNMP agent...do any agents have a vulnerability that will allow them to write to the drive? I have always seen SNMP as a great recon protocol, especially when it is misconfigured (ie, default community strings, no restrictions on management stations, etc). On Win2K, you can enum usernames, services, TCP/UDP info, etc. Systems running SNMP can divulge information...if they are misconfigured. This is why many people call SNMP a 'dangerous' protocol. As with anything else, some simple configuration steps can fix that. Yes, if someone installs a sniffer and captures some datagrams containing your SNMPv1 read-write community string, you could most definitely have problems (though I doubt that those problems include the ability to write to the drive). However, if someone is able to load a sniffer on your network, you've got other problems to worry about... ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- snmp vulnerablities slash underground (Jul 13)
- <Possible follow-ups>
- Re: snmp vulnerablities H Carvey (Jul 16)
- Re: snmp vulnerablities Ron Russell (Jul 16)
- Re: snmp vulnerablities H C (Jul 16)
- Re: snmp vulnerablities Ron Russell (Jul 16)
- Re: snmp vulnerablities mht (Jul 17)
- Re: snmp vulnerablities Jon DeShirley (Jul 17)
- Re: snmp vulnerablities Peter Van Epp (Jul 17)
- Re: snmp vulnerablities mht (Jul 17)
- Re: snmp vulnerablities Dave Ryan (Jul 17)
- Re: snmp vulnerablities Ron Russell (Jul 16)
- Re: snmp vulnerablities Ron Russell (Jul 17)