Nmap Development mailing list archives

SNMP scripts


From: Patrik Karlsson <patrik () cqure net>
Date: Mon, 18 Jan 2010 22:19:06 +0100

Hi all,

I've finished some new SNMP scripts that extract information from Windows systems. During the development of these 
scripts I ran across a bug in the snmp.lua library which returns an incorrect OID when the last octet is larger than 
128. Apparently it should be differently decoded. 

I'm not really all that familiar with SNMP so I did some searching, obviously not enough, as I didn't find any 
documentation regarding how it should be decoded. Anyway, with support from the decoding done in Wireshark I have 
attempted to fix it and as far as I can tell the last octet is now properly decoded. I have also compared "my walk" to 
snmpwalk and they both match. I'm attaching a patch that implements my fix.

The scripts that I have implemented are:
* snmp-get-windows-processes.nse
* snmp-get-windows-services.nse
* snmp-get-windows-shares.nse
* snmp-get-windows-software.nse
* snmp-get-windows-users.nse

For sample output check out this blog post:
http://www.cqure.net/wp/2010/01/snmp-scripts-for-nmap/#more-288

There's some code duplication between the scripts, mainly the snmp_walk function. The reason for not putting this inside 
the snmp library is that it takes a socket as parameter and the other functions in the snmp library don't.

The scripts are available from here:
http://www.cqure.net/wp/nmap-scripts/

//Patrik

Attachment: snmp.patch


--
Patrik Karlsson
http://www.cqure.net




_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
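
Added example, not part of the original post and not code from Nmap's snmp.lua or the attached patch: in BER (X.690), each OID sub-identifier is stored base-128 with the high bit of an octet marking "more octets follow", so any sub-identifier of 128 or more spans several octets. The sketch below decodes that form and, for comparison, shows what a one-octet-per-sub-identifier reading produces; the function names and the sample bytes are constructed for illustration.

```python
def decode_oid(content: bytes) -> str:
    """Decode the content octets of a BER OBJECT IDENTIFIER (X.690 8.19)."""
    if not content:
        raise ValueError("empty OID content")
    subids, value, in_progress = [], 0, False
    for octet in content:
        # The first octet of a sub-identifier must not be 0x80 (zero padding).
        if not in_progress and octet == 0x80:
            raise ValueError("sub-identifier starts with padding octet 0x80")
        value = (value << 7) | (octet & 0x7F)   # low 7 bits carry data
        in_progress = bool(octet & 0x80)        # high bit: more octets follow
        if not in_progress:
            subids.append(value)
            value = 0
    if in_progress:
        raise ValueError("truncated sub-identifier")
    # The first sub-identifier packs the first two arcs as 40*X + Y.
    first = subids[0]
    if first < 40:
        arcs = [0, first]
    elif first < 80:
        arcs = [1, first - 40]
    else:
        arcs = [2, first - 80]
    return ".".join(str(n) for n in arcs + subids[1:])


def naive_decode_oid(content: bytes) -> str:
    """Incorrect reading: treats every octet as one whole sub-identifier."""
    first, rest = content[0], content[1:]
    return ".".join(str(n) for n in [first // 40, first % 40, *rest])


# Constructed sample: 1.3.6.1.2.1.25.4.2.1.2.1234, where 1234 = 9*128 + 82
# is encoded as the two octets 0x89 0x52.
SAMPLE = bytes.fromhex("2b060102011904020102" "8952")

if __name__ == "__main__":
    print("correct:", decode_oid(SAMPLE))
    print("naive:  ", naive_decode_oid(SAMPLE))
```

Comparing the decoded walk against snmpwalk output, as the post describes, is a practical check for this class of error, since only OIDs with a sub-identifier of 128 or more will differ.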
