Nmap Development mailing list archives

Re: Bug in snmp-brute in nmap


From: Gioacchino Mazzurco <gmazzurco89 () gmail com>
Date: Fri, 19 Jun 2015 18:13:56 +0200

I have recently ported snmp-*.nse to the creds library. I cannot reproduce your 
bug, but it seems like the community is added twice for your host 10.0.0.5. 
I assumed that the creds library would hold a set of credentials, not a list 
(by set I mean that there are no duplicates), but maybe my assumption is 
wrong, or maybe this part of the creds library could be improved.

Cheers!

On Friday, June 19, 2015 10:38:57 AM Roberto Greiner wrote:
Hi,

I'm having a problem with snmp-brute plugin. When I scan a network range
(say 10.0.0.0/24), I'm getting an output like this for most of the hits:
Nmap scan report for server.domain (10.0.0.5)
Host is up (-0.076s latency).
PORT    STATE SERVICE
161/udp open  snmp

| snmp-brute:
|   my_community - Valid credentials
|   my_community - Valid credentials
|   my_community - Valid credentials
|   my_community - Valid credentials
|   my_community - Valid credentials
|   my_community - Valid credentials
|   my_community - Valid credentials
|   my_community - Valid credentials
|   my_community - Valid credentials
|   my_community - Valid credentials
|   my_community - Valid credentials
|   my_community - Valid credentials
|   my_community - Valid credentials
|   my_community - Valid credentials
|   my_community - Valid credentials
|   my_community - Valid credentials
|   my_community - Valid credentials
|   my_community - Valid credentials
|
|_  my_community - Valid credentials

MAC Address: A0:B3:CC:F0:978:BC (Hewlett Packard)

The community is correct, but obviously there is some logic bug. When I
scan a single IP, two different things happen. With nmap 6.47, I get a
correct output:
Nmap scan report for server.domain (10.0.0.5)
Host is up (-0.076s latency).
PORT    STATE SERVICE
161/udp open  snmp

| snmp-brute:
|_  my_community - Valid credentials

In another server, with nmap 6.49Beta2, I get the following output in
most cases:
Nmap scan report for server.domain (10.0.0.5)
Host is up (-0.076s latency).
PORT    STATE SERVICE
161/udp open  snmp
MAC Address: A0:B3:CC:F0:978:BC (Hewlett Packard)

So, in nmap 6.49Beta2, something seems to have broken snmp-brute. In a
few cases, I do get the proper response, but I didn't get why this is so.

In all cases, all servers and targets are in the same L2 LAN, nothing is
blocking communication (I get a proper response with snmpwalk), servers
and targets are up-to-date Debian 7 installs. Version information for my
nmap installs:
Nmap version 6.47 ( http://nmap.org )
Platform: x86_64-unknown-linux-gnu
Compiled with: nmap-liblua-5.2.3 openssl-1.0.1e nmap-libpcre-7.6
nmap-libpcap-1.2.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

Nmap version 6.49BETA2 ( http://nmap.org )
Platform: x86_64-unknown-linux-gnu
Compiled with: nmap-liblua-5.2.3 openssl-1.0.1e libpcre-8.30
nmap-libpcap-1.7.3 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

In both cases I'm using compiled versions of nmap, not packaged versions.

Thank you,

Roberto Greiner

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
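The reply above hypothesises that the repeated "Valid credentials" lines come from the credential store behaving as a list rather than a set. The following is an added illustration, not code from nmap or from its creds library: a minimal stand-alone Lua credential store (hypothetical names CredStore, add, report) that keys each entry on host, port, user, password and state, so a brute-force script that records the same community string several times for one host still reports it once. The sample entries are constructed; the real creds library API and its state constants differ.

```lua
-- Added illustration (not the nmap creds library): a credential store that
-- deduplicates on (host, port, user, pass, state). All names are hypothetical.

local CredStore = {}
CredStore.__index = CredStore

function CredStore.new()
  -- entries keeps insertion order for reporting; index is the set of keys seen
  return setmetatable({ entries = {}, index = {} }, CredStore)
end

-- Identity of one credential. SNMP community strings are treated like
-- snmp-brute treats them: empty user, community as the password.
local function key(host, port, user, pass, state)
  return table.concat({ host, tostring(port), user or "", pass or "", tostring(state) }, "\0")
end

-- Returns true when the credential is new, false when it was already stored.
function CredStore:add(host, port, user, pass, state)
  local k = key(host, port, user, pass, state)
  if self.index[k] then
    return false -- duplicate: do not record (and therefore do not report) it again
  end
  self.index[k] = true
  self.entries[#self.entries + 1] = {
    host = host, port = port, user = user, pass = pass, state = state,
  }
  return true
end

-- Report lines for one host/port, in the shape snmp-brute prints them.
function CredStore:report(host, port)
  local lines = {}
  for _, e in ipairs(self.entries) do
    if e.host == host and e.port == port then
      lines[#lines + 1] = ("%s - %s"):format(e.pass, e.state)
    end
  end
  return lines
end

-- Constructed sample: several probes/threads each find the same community on
-- 10.0.0.5, and a different community is found on another host.
local store = CredStore.new()
local accepted = 0
for _ = 1, 19 do
  if store:add("10.0.0.5", 161, "", "my_community", "Valid credentials") then
    accepted = accepted + 1
  end
end
store:add("10.0.0.6", 161, "", "public", "Valid credentials")

print(("accepted %d of 19 adds for 10.0.0.5"):format(accepted))
for _, line in ipairs(store:report("10.0.0.5", 161)) do
  print(line)
end
```

Run with a plain `lua` interpreter; nothing here depends on nmap. With the constructed input the store accepts the first add for 10.0.0.5 and rejects the remaining eighteen, so the report for that host contains a single line. A list-backed store with no `index` check would instead keep all nineteen entries and print nineteen identical lines, which is the shape of the output quoted in the bug report.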
