Nmap Development mailing list archives
Re: [NSE] snmp-brute port to brute framework
From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 7 Jul 2011 14:34:11 +0200
If you haven't already, I think you should try going with unconnected sockets using a higher thread count. As far as I can tell, unconnected sockets are not restricted in simultaneous connections (--max-parallelism) the same way as TCP sockets are. Good or bad, intentional or not, I don't know, but this would allow you to increase the thread count of the brute engine considerably, which would most likely get you better performance.

I also made a hack when doing my earlier SNMP tests that basically sent all snmp queries "up front" and then simply listened for a response (that contains the correct community). This is the way the current snmp-brute works. While this worked great for small lists of communities, it would sometimes fail for bigger lists. When dumping traffic on both sides I could see the query, with the correct community, getting all the way to the target Windows box, but no response was returned.

//Patrik

On Jul 7, 2011, at 2:01 PM, Gorjan Petrovski wrote:
Thanks for the reply Patrik, I'll heed your advice about the snmpcommunities. In fact I had read your post and I ran into the same issues myself. I'm currently experimenting a bit so we'll see what I come up with :-)

Cheers,
Gorjan

On Jul 7, 2011 12:08 PM, "Patrik Karlsson" <patrik () cqure net> wrote:

On Jul 6, 2011, at 9:39 PM, Gorjan Petrovski wrote:

Hi,

I'm porting the snmp-brute script to the brute framework and I found that there are default passwords used to brute if no wordlist is supplied. These passwords are: 'public', 'private', 'snmpd', 'snmp', 'mngt', 'cisco', 'admin'. Some of them are not present in the default wordlist that the brute framework uses.

I couldn't find posts about the original script SNMPcommunitybrute.nse and I've no idea how the author got hold of these passwords. Should I add them to the wordlist or not? Maybe I should add them to be used in addition to the default wordlist, only for the snmp-brute script when no other wordlist is specified?

Input is appreciated :)

Thanks,
Gorjan

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

I think it's probably best to keep a separate file with snmp communities. The ones hard coded into the current script all seem to be good candidates. I just committed some small updates to the brute library that fix a few minor issues. I made a (not very big) effort to port the snmp-brute script to the brute framework a while back and ran into a few performance issues.

http://seclists.org/nmap-dev/2011/q2/56

//Patrik

--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77