Re: [NSE] snmp-ios-config - Config grabber

[Fred <kbcboy () gmail com>]

Setting up a tftp server could be a extra program included with the
nmap source.  There is a trivial (if you excuse the expression) tftp
program written in ruby that is available:
http://pseudo-flaw.net/content/tftpgrab/
Just run tftpserver.rb and it does the rest.  Maybe could convert to a
lua script?  You don't need to create files before hand.

It would be cool if nmap could use the snmp MIB of routers to 'show
routes' and add that to the mapping functionality.  You would see
networks behind devices that way.

On Fri, Jan 21, 2011 at 2:51 PM, Patrik Karlsson <patrik () cqure net> wrote:
> On Jan 21, 2011, at 14:05 , Vikas Singhal wrote:
>
> > I have access to multiple Cisco devices, I will test the script and will post the output here.
>
> I did some more testing myself. Unfortunately the TFTP server needs more work.
> The current code won't accept two files in parallel, which may result in files not being received due to timeouts.
> While this *should* easily be fixed by creating a "server" thread that simply waits for a connection and then starts 
> up a new thread that performs the actual transfer it isn't.
> For some reason performance suffers horribly once I create code that does this making the server totally unusable.
>
> While I believe in the concept of including a TFTP server, the current code doesn't cut it, so unless I figure out 
> some way to re-write this code I think it's a no go.
> Any brilliant ideas or solutions are most welcome!
>
> //Patrik
>
> > On Fri, Jan 21, 2011 at 4:20 AM, Patrik Karlsson <patrik () cqure net> wrote:
> >
> > On Jan 20, 2011, at 22:54 , Thomas Buchanan wrote:
> >
> > > > -----Original Message-----
> > > > From: nmap-dev-bounces () insecure org
> > > > [mailto:nmap-dev-bounces () insecure org] On Behalf Of Patrik Karlsson
> > > > Sent: Monday, January 17, 2011 3:26 PM
> > > > To: Vikas Singhal
> > > > Cc: David Fifield; Thomas Buchanan; nmap-dev
> > > > Subject: Re: [NSE] snmp-ios-config - Config grabber
> > > >
> > > > I spent some time during the last few days to write a TFTP
> > > > server implementation for Nmap. It was somewhat harder than I
> > > > had imagined.
> > > > The server takes into account that it can be called from
> > > > several scripts simultaneously but uses a single server
> > > > socket to bind to udp port 69.
> > > > The script makes use of mutexes and condition variables to
> > > > prevent multiple instances from corrupting global variables
> > > > and to coordinate threads.
> > > > Using my test script the library *seems* to work as intended,
> > > > but it needs more testing and preferably a good review of the code.
> > > > However, when I incorporated the code into this script, I'm
> > > > getting the following error when nmap is finishing up. Ideas anyone?
> > > >
> > > > NSE: Script Engine Scan Aborted.
> > > > An error was thrown by the engine: ./nse_main.lua:279:
> > > > attempt to index field '?' (a nil value)
> > > > stack traceback:
> > > >     ./nse_main.lua:279: in function 'close'
> > > >     ./nse_main.lua:805: in function 'run'
> > > >     ./nse_main.lua:1030: in function <./nse_main.lua:937>
> > > >     [C]: ?
> > > >
> > > > In addition I've made the following changes to your script.
> > > > * changed the socket to be a local variable and made
> > > > sendrequest take it as a parameter
> > > > * renamed the tftpserver script argument to
> > > > snmp-ios-config.tftpserver and made it optional
> > > >   in case it's not supplied the script attempts to determine
> > > > the local ip itself
> > > >
> > > > Anyway, feedback and suggestions are welcome! I'm attaching a
> > > > patch against your last version and the tftp library.
> > > >
> > > > //Patrik
> > >
> > > Patrik,
> > >
> > > I spent a little time testing this, and it worked very well in my
> > > environment.  I tested against the same Cisco 1800 series router as
> > > before, and this time tested under both Linux and Windows.  The script
> > > ran successfully and retrieved the config file correctly both times.  I
> > > saw the same error message you did under Linux, but not on my Windows XP
> > > box.  I'm not sure what to make of that.  I don't have multiple Cisco
> > > devices to test, so I can't say anything about how it works with
> > > simultaneous responses.
> >
> > Ok, thanks for testing!
> > Vikas, do you have access to multiple Cisco devices against which you can test?
> >
> > > One question that I have about the script: is there any way to actually
> > > write the configuration to a file, rather than including it in the Nmap
> > > output?  The config file on my Cisco box is roughly 800 lines long, so
> > > this adds quite a bit of noise to the output.  In addition, if I wanted
> > > to run the config through any analyis tools, I'd need to copy and paste,
> > > then remove all the leading '|' characters that NSE output adds.  I
> > > looked through the NSEDoc online, but didn't see anything about writing
> > > to a file, so I don't know if this is feasible, but it would be
> > > convenient in my opinion.
> >
> > I've added support for saving the contents to separate files specified by the snmp-ios-config.tftproot parameter in 
> > the attached patch.
> > I'm not sure how to determine the suitable path delimiter, so for now the path needs to end with a slash.
> >
> > > Let me know if you have any questions or need further information.
> > >
> > > Thanks,
> > >
> > > Thomas
> >
> >
> >
> > //Patrik
> > --
> > Patrik Karlsson
> > http://www.cqure.net
> > http://www.twitter.com/nevdull77
>
> --
> Patrik Karlsson
> http://www.cqure.net
> http://www.twitter.com/nevdull77
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/