Re: nmap snmp scanning

[Duarte Silva <duarte.silva () serializing me>]

Hello,

this is a very intial rewrite of the snmp-brute.nse script. As such, it 
needs loads of testing. Some stuff is still missing but I wanted some feedback.

Regards,
Duarte Silva

On Sunday 11 December 2011 20:29:07 Patrik Karlsson wrote:
> On Sun, Dec 11, 2011 at 6:59 PM, Duarte Silva
>
> <duarte.silva () serializing me>wrote:
> > On Tuesday 06 December 2011 19:59:34 Patrik Karlsson wrote:
> > > > If it can wait for the weekend, I will look into it.
> > > >
> > > > Regards,
> > > > Duarte Silva
> > > >
> > > > > Cheers,
> > > > > Patrik
> > >
> > > Thanks Duarte, sounds good to me. What I saw during my brief look
> > > was:
> > > * nmap.fetchfile is used (limits the location of the communityfile)
> > > * the result from nmap.fetchfile isn't checked
> > > * there's no good way to return an error back to the action
> > > function, if the file wasn't found
> > >
> > > Cheers,
> > > //Patrik
> >
> > Hello,
> >
> > I had a look at the script and I have some doubts about it. If the user
> > does
> > not supply the snmpcommunity (ant it isn't defined in the nmap.registry)
> > the
> > script will not run. But the script allows the user to supply a file
> > with a list of community strings to try out. Weird to say the least =P
> >
> > If I ain't missing something I should remove that restriction and make
> > it
> > more
> > like, "supply a community string or a file containing community strings,
> > otherwize I will use my own file"?
> >
> > Regards,
> > Duarte Silva
>
> Hi Duarte,
>
> The snmpcommunity registry thing looks strange, not sure why it's there,
> but it seems to be the other way around, if it's defined, the script won't
> run. I couldn't find any other scripts making use of that registry value,
> so I guess that check could be removed.
>
> I think your assessment is right, first check for a list of communities,
> either as a string or file and then fallback to the default list. I had a
> quick look over the script again and it currently works like this:
> * if the passdb argument is supplied, this file is used as the community
> list
> * it then tries an alternative file supplied with the argument snmplist
> * if the above two arguments are not used, it falls back to the file
> nselib/data/snmpcommunities.lst
>
> The problems I see are:
> * if the files supplied by snmplist or passdb fail to open, the script
> silently fails
> * the script uses nmap.fetchfile for the snmplist file, which requires the
> file to reside within nmap's directory structure
>
> Cheers,
> Patrik

Attachment: snmp-brute.patch
Description:

Attachment: smime.p7s
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/