Nmap Development mailing list archives

Re: [NSE Script] SNMPv1 system information & uptime


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Mon, 11 Jun 2007 20:03:01 +0000

Thomas,

The script looks great!  I'm glad someone has tackled an NSE script
that uses SNMP.  I started to write a few NSE scripts that were going to
use NSE but gave up because of the difficulty of using ASN.1 encoding to
build the packets.

You wrote "-- copied from packet capture of snmpget exchange" and then
defined the payload as a string of bytes.  This works well for static OIDs
like SNMPv2-MIB::sysDescr.0 but doesn't work for OIDs that need to be
dynamically generated.

The solution is probably to build SNMP library bindings into NSE or offer
ASN.1 bindings.  I spent several hours trying to get LuaSNMP
(http://luasnmp.luaforge.net/) working with NSE but got in over my head and
put the project aside.

I hope eventually SNMP bindings will be available *and* Eddie's traceroute
information will be exposed to NSE.  I'm picturing NSE scripts that look up
the last hop for a host (typically the router) and query the ARP/CAM
tables for MAC address and other information.  This could be done
efficiently and non-redundantly with creative use of the NSE Registry.

Don't get me wrong, this script looks great.  I think it highlights one
current limitation of NSE though.

Brandon


On Mon, 11 Jun 2007 14:46:33 -0500
Thomas Buchanan <tbuchanan () thecompassgrp net> wrote:

Here's a nifty little script (at least I think so) that looks for SNMPv1 
systems that respond to "public" community string.  It tries to get the 
SNMPv2-MIB::sysDescr.0 OID and prints it, and then gets the 
SNMPv2-MIB::sysUpTime.0 OID and calculates the uptime of the system.

Example output:

Windows 2003 Server:

PORT    STATE SERVICE
161/udp open  snmp
|  SNMPv1: Hardware: x86 Family 15 Model 2 Stepping 9 AT/AT COMPATIBLE - 
Software: Windows Version 5.2 (Build 3790 Uniprocessor Free)
|_   System uptime: 23 days, 15:3:15.89 (204139589 timeticks)

Linux box w/net-snmp:

PORT    STATE SERVICE
161/udp open  snmp
|  SNMPv1: Linux pengiun 2.6.19.7 #1 Mon Mar 5 11:00:47 CST 2007 i686
|_   System uptime: 97 days, 19:12:35.6 (844995560 timeticks)


HP Network printer:

PORT    STATE SERVICE
161/udp open  snmp
|  SNMPv1: HP ETHERNET MULTI-ENVIRONMENT,ROM 
B.25.01,JETDIRECT,JD116,EEPROM B.25.31,CIDATE 07/23/2003
|_   System uptime: 15 days, 2:58:0.1 (130668010 timeticks)


Hopefully other people find this useful.

Thomas


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
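
The limitation raised in the reply above (a byte string copied from a packet capture only works for a fixed OID) comes down to BER encoding of the request. The following is an added example, not part of either message or of Nmap's code: a plain-Lua encoder for an SNMPv1 GetRequest that takes the OID as dotted text. Helper names are hypothetical; the second call assumes the standard ipNetToMediaPhysAddress column (1.3.6.1.2.1.4.22.1.2) indexed by a constructed interface index and documentation IP address, whose octets above 127 need multi-byte sub-identifiers.

```lua
-- BER-encode an SNMPv1 GetRequest for any OID (plain Lua 5.1+, no NSE APIs).
-- Helper names are hypothetical; nothing is sent on the network.
local function ber_len(n)            -- short form < 128, else long form
  if n < 128 then return string.char(n) end
  local s = ""
  while n > 0 do s = string.char(n % 256) .. s; n = math.floor(n / 256) end
  return string.char(0x80 + #s) .. s
end

local function tlv(tag, value)       -- tag, length, value
  return string.char(tag) .. ber_len(#value) .. value
end

local function ber_int(n)            -- non-negative INTEGER
  local s = ""
  repeat s = string.char(n % 256) .. s; n = math.floor(n / 256) until n == 0
  if s:byte(1) >= 128 then s = "\0" .. s end   -- keep the sign bit clear
  return tlv(0x02, s)
end

local function ber_subid(n)          -- base 128, high bit on all but last byte
  local s = string.char(n % 128)
  n = math.floor(n / 128)
  while n > 0 do s = string.char(128 + n % 128) .. s; n = math.floor(n / 128) end
  return s
end

local function ber_oid(dotted)       -- first two arcs share one sub-id: 40*x + y
  local arcs = {}
  for part in dotted:gmatch("%d+") do arcs[#arcs + 1] = tonumber(part) end
  assert(#arcs >= 2 and arcs[1] <= 2, "malformed OID: " .. dotted)
  local out = { ber_subid(40 * arcs[1] + arcs[2]) }
  for i = 3, #arcs do out[#out + 1] = ber_subid(arcs[i]) end
  return tlv(0x06, table.concat(out))
end

local function snmpv1_get(community, oid, request_id)
  local varbind = tlv(0x30, ber_oid(oid) .. tlv(0x05, ""))   -- name + NULL value
  local pdu = tlv(0xA0, ber_int(request_id) .. ber_int(0) .. ber_int(0)
    .. tlv(0x30, varbind))          -- GetRequest: id, error-status, error-index
  return tlv(0x30, ber_int(0) .. tlv(0x04, community) .. pdu) -- version 0 = v1
end

local function hex(s)
  return (s:gsub(".", function(c) return string.format("%02x", c:byte()) end))
end

print(hex(snmpv1_get("public", "1.3.6.1.2.1.1.1.0", 1)))   -- sysDescr.0
local ifindex, ip = 2, "192.0.2.1"   -- constructed values
print(hex(snmpv1_get("public", "1.3.6.1.2.1.4.22.1.2." .. ifindex .. "." .. ip, 2)))
```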
