Nmap Development mailing list archives

Re: Possible bug in snmp-brute script in 5.61-TEST4


From: Duarte Silva <duarte.silva () serializing me>
Date: Tue, 10 Jan 2012 12:41:45 +0000

On Tuesday 10 January 2012 09:39:34 Roberto wrote:
Hi,

I was trying some IPv6 snmp scan with 5.61-TEST2, but it wasn't working
(freezing at 33.3%). So, I installed 5.61-TEST4, but got another problem.

I run the following command:
  # nmap -sU -p 161 --script snmp-brute --script-args snmplist=snmplist.txt <server-name>

Hi Roberto,

The argument name has changed =P. Could you try it like this:

# nmap -sU -p 161 --script snmp-brute --script-args snmp-brute.communitiesdb=snmplist.txt

If it doesn't work try with relative/full paths.

Regards,
Duarte Silva

Note: I get the same result with 5.61-TEST4 whether I add the '-6'
parameter or not.

With nmap 5.51, I get the following result:

-----------------------------------------------------------------------

Starting Nmap 5.51 ( http://nmap.org ) at 2012-01-10 09:22 BRST
Nmap scan report for <server name> (<server address>)
Host is up (0.00083s latency).
rDNS record for 200.145.9.19: <server name>
PORT    STATE SERVICE
161/udp open  snmp

|_snmp-brute: xxxxxxxxx

MAC Address: xx:xx:xx:xx:xx:xx (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds

-----------------------------------------------------------------------

With version 5.61-TEST4 I'm getting the following output:

-----------------------------------------------------------------------

Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-10 09:20 BRST
Nmap scan report for <server name>  (<server address>)
Host is up (0.00092s latency).
rDNS record for 2801:88:ead::19: <server name>
PORT    STATE SERVICE
161/udp open  snmp
MAC Address: xx:xx:xx:xx:xx:xx (Unknown)

Nmap done: 1 IP address (1 host up) scanned in 1.28 seconds

-----------------------------------------------------------------------

The snmp-brute script is not giving the output of any community that
might have hit. Also, checking the logs of the target, I see a lot less
snmp-hits.

For debugging purposes, I verified that nmap-brute uses the file
"nselib/data/snmpcommunities.lst" as a reference for communities when
none is passed as a parameter. I've set a community from that list in
the target server, and with that I've got a proper hit in my scan. So
there is something inserted between TEST2 and TEST4 where the snmp-brute
script stopped reading the file passed as a parameter. Was the syntax
for passing a reference file to snmp-brute modified somehow? Is it a bug?

Thanks,

Roberto
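As an added example (not from the thread and not Nmap's own code), a POSIX shell helper that validates the communities file before it goes into --script-args, builds the command line with the renamed argument from the reply, and parses nmap's normal output to tell a real snmp-brute result from the silent no-output case Roberto describes. The sample outputs are constructed from the two runs quoted above; the argument name snmp-brute.communitiesdb is taken from the reply.

```shell
# Added example (not from the thread). Assumes the 5.61+ argument name
# snmp-brute.communitiesdb given in the reply.

# Verify the communities file before passing it in --script-args. A misnamed
# argument or unreadable path raises no error: the script silently falls
# back to nselib/data/snmpcommunities.lst, as observed in the thread.
check_communities_db() {
    db="$1"
    [ -r "$db" ] || { echo "communities file not readable: $db" >&2; return 1; }
    n=$(grep -c -v -e '^[[:space:]]*$' -e '^#' "$db" || true)
    [ "$n" -gt 0 ] || { echo "communities file has no entries: $db" >&2; return 1; }
    echo "$n"   # number of usable entries
}

# Build the command line from the reply with an absolute path, so the
# relative/full-path question does not arise. Prints it, does not run it.
snmp_brute_cmd() {
    db="$1"; target="$2"
    case "$db" in /*) ;; *) db="$(pwd)/$db" ;; esac
    printf '%s\n' "nmap -sU -p 161 --script snmp-brute --script-args snmp-brute.communitiesdb=$db $target"
}

# Read nmap normal output from stdin and print the communities snmp-brute
# reported (single-line "|_snmp-brute: x" as in 5.51, or a multi-line
# "| snmp-brute:" block). Returns 1 when 161/udp is open but the script
# printed nothing, the symptom reported for 5.61-TEST4.
snmp_brute_hits() {
    out=$(cat)
    printf '%s\n' "$out" | grep -q '^161/udp[[:space:]]*open' \
        || { echo "161/udp not reported open" >&2; return 2; }
    hits=$(printf '%s\n' "$out" | awk '
        /^\|[_ ]?snmp-brute:/ { inb=1; sub(/^\|[_ ]?snmp-brute:[ \t]*/, ""); if ($0 != "") print; next }
        inb && /^\|/ { sub(/^\|[_ ]*/, ""); print; next }
        { inb=0 }')
    [ -n "$hits" ] || { echo "snmp-brute produced no result line" >&2; return 1; }
    printf '%s\n' "$hits"
}

# Constructed sample outputs, modelled on the two runs quoted in the thread.
SAMPLE_551='PORT    STATE SERVICE
161/udp open  snmp
|_snmp-brute: xxxxxxxxx
MAC Address: xx:xx:xx:xx:xx:xx (Unknown)'
SAMPLE_TEST4='PORT    STATE SERVICE
161/udp open  snmp
MAC Address: xx:xx:xx:xx:xx:xx (Unknown)'
for s in "$SAMPLE_551" "$SAMPLE_TEST4"; do
    printf '%s\n' "$s" | snmp_brute_hits || echo "no community reported; check output and argument names"
done
```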

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/