Nmap Development mailing list archives

Re: [NSE] snmp-brute port to brute framework


From: David Fifield <david () bamsoftware com>
Date: Mon, 11 Jul 2011 10:04:02 -0700

On Wed, Jul 06, 2011 at 09:39:16PM +0200, Gorjan Petrovski wrote:
> Hi,
>
> I'm porting the snmp-brute script to the brute framework and I found
> that there are default passwords used to brute if no wordlist is
> supplied. These passwords are: 'public', 'private', 'snmpd', 'snmp',
> 'mngt', 'cisco', 'admin'. Some of them are not present in the default
> wordlist that the brute framework uses. I couldn't find posts about
> the original script SNMPcommunitybrute.nse and I've no idea how the
> author got hold of these passwords. Should I add them to the wordlist
> or not? Maybe I should add them to be used in addition to the default
> wordlist, only for the snmp-brute script when no other wordlist is
> specified?

It's not as easy as it should be, but you can construct a custom
password iterator using the functions in unpwdb. Make a coroutine that
first yields your SNMP-specific passwords, then unpwdb.passwords_raw.
unpwdb.limited_iterator puts a time and count limit on the iterator.

David Fifield
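
Added example (not part of the original message and not Nmap's own code): the iterator pattern described in the reply above, written in plain Lua so it runs without Nmap. list_iterator is a hypothetical stand-in for the iterator that unpwdb.passwords_raw would supply, limited is a hypothetical count-only stand-in for unpwdb.limited_iterator, and the general word list is constructed sample data.

```lua
-- Added example, plain Lua (5.1+); no Nmap libraries are loaded.
-- Community strings named in the quoted message.
local SNMP_DEFAULTS = { "public", "private", "snmpd", "snmp", "mngt", "cisco", "admin" }

-- Hypothetical stand-in for the default-list iterator: a closure that returns
-- the next entry on each call and nil once the list is exhausted.
local function list_iterator(list)
  local i = 0
  return function()
    i = i + 1
    return list[i]
  end
end

-- Coroutine-backed iterator: SNMP-specific strings first, then the general
-- list, skipping anything already yielded so no string is tried twice.
local function snmp_first(defaults, general_iter)
  return coroutine.wrap(function()
    local seen = {}
    local function emit(s)
      if not seen[s] then
        seen[s] = true
        coroutine.yield(s)
      end
    end
    for _, s in ipairs(defaults) do emit(s) end
    for s in general_iter do emit(s) end
    -- Keep answering nil after exhaustion instead of raising
    -- "cannot resume dead coroutine" if the caller asks again.
    while true do coroutine.yield(nil) end
  end)
end

-- Hypothetical count-only limiter (0 = no limit in this stand-in).
local function limited(iter, count_limit)
  local n = 0
  return function()
    if count_limit > 0 and n >= count_limit then return nil end
    n = n + 1
    return iter()
  end
end

-- Constructed sample word list; "admin" and "public" overlap with the defaults.
local general = list_iterator({ "123456", "admin", "password", "public", "letmein" })
for community in limited(snmp_first(SNMP_DEFAULTS, general), 9) do
  print(community)
end
```

In an NSE script the stand-ins would be replaced by the unpwdb functions the reply names.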