PaulDotCom mailing list archives

Re: SNMP write access


From: Robert Portvliet <robert.portvliet () gmail com>
Date: Sat, 11 Feb 2012 13:56:01 -0500

Actually, that part might have been Ed Skoudis. At any rate, great preso!
:)


On Sat, Feb 11, 2012 at 1:50 PM, Robert Portvliet <
robert.portvliet () gmail com> wrote:


Check out Pentest Perfect Storm - Part 6 - "We love Cisco" for some SNMP RW
awesomeness from Josh Wright. There are also a few auxiliary modules in
Metasploit that allow you to take advantage of RW SNMP access.

PPS-6 here: http://www.willhackforsushi.com/?p=518



Cheers,

Rob



On Sat, Feb 11, 2012 at 12:53 PM, Larry Pesce <larry () pauldotcom com> wrote:

Robin, I've had great success on tests with SNMP write strings during
some tests in the last year:

1. An external switch between external router and firewall with public
IP address from Netgear.  App to manage was downloadable from
Netgear for a 30 day free trial.  Guess what the app allowed? Disable
port.  Good bye internets.

2. Used to dump Cisco running config to my own TFTP server (with a good
portion of Cisco routers and switches).  Once you have the config, all
sorts of things are possible - especially if they are still storing
passwords on the device in the clear or with type 7.  With these easily
decoded passwords, you'd not be surprised how often they are re-used
across the org for all sorts of things, including the rest of their Cisco
infrastructure.  I use muts' script that I found here:
http://littlehacker.persiangig.com/cisco/copy-router-config.pl
(I think it also might be on BT5, but I'm not sure.)

- L

On 2/10/12 6:32 AM, Robin Wood wrote:
Does anyone have any good information on using SNMP write strings that
we find on tests? I'd always been told that you need clients for the
specific application/device to properly use an SNMP write string to
modify anything but I'm now questioning that as it doesn't feel right.

It is the kind of thing I would only do with permission to demonstrate
what can be done but would be useful to be able to show if asked.

Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
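
Added example, not part of the original thread or any poster's code: a small audit of a Cisco IOS-style config for the two weaknesses Larry describes, RW SNMP communities and passwords stored in the clear or as reversible type 7. The sample config, rule names and function name are constructed for illustration.

```python
import re

# Constructed sample config (illustrative values only, not from a real device).
SAMPLE_CONFIG = """\
hostname edge-sw1
enable secret 5 $1$CONSTRUCTED$notARealHashValue
enable password 7 00112233445566
username admin password 0 ExamplePass1
snmp-server community public RO
snmp-server community private RW
snmp-server community mgmtrw RW 10
access-list 10 permit 192.0.2.10
line vty 0 4
 password ExamplePass2
"""

# snmp-server community <string> [view <name>] {RO|RW} [acl]
SNMP_RE = re.compile(
    r"^snmp-server community \S+(?: view \S+)?\s+(ro|rw)(?:\s+(\S+))?\s*$", re.I)
# "... password [type] <value>"; "secret" entries are hashed and not flagged.
PASS_RE = re.compile(r"\bpassword\s+(?:(\d+)\s+)?\S+\s*$", re.I)

def audit_config(text):
    """Return (line_no, rule, detail) findings; secrets are never echoed."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = SNMP_RE.match(line)
        if m:
            if m.group(1).lower() == "rw":
                if m.group(2):
                    findings.append((no, "snmp-rw-acl",
                                     f"RW community limited by ACL {m.group(2)}; verify the ACL"))
                else:
                    findings.append((no, "snmp-rw-no-acl",
                                     "RW community reachable from any source"))
            continue
        m = PASS_RE.search(line)
        if m:
            if m.group(1) == "7":
                findings.append((no, "type7-password", "reversible type 7 encoding"))
            elif m.group(1) in (None, "0"):
                findings.append((no, "cleartext-password", "password stored in the clear"))
    return findings

if __name__ == "__main__":
    for no, rule, detail in audit_config(SAMPLE_CONFIG):
        print(f"line {no}: {rule}: {detail}")
```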