Nmap Development mailing list archives
Re: Bug in snmp-brute in nmap
From: Gioacchino Mazzurco <gmazzurco89 () gmail com>
Date: Fri, 19 Jun 2015 18:13:56 +0200
I have recently ported snmp-*.nse to the creds library. I cannot reproduce your bug, but it seems that the community is added twice for your host 10.0.0.5. I assumed that the creds library would hold a set of credentials, not a list (by set I mean that there are no duplicates), but maybe my assumption is wrong, or maybe this part of the creds library may be improved.

Cheers!

On Friday, June 19, 2015 10:38:57 AM Roberto Greiner wrote:
Hi,

I'm having a problem with snmp-brute plugin. When I scan a network range (say 10.0.0.0/24), I'm getting an output like this for most of the hits:

Nmap scan report for server.domain (10.0.0.5)
Host is up (-0.076s latency).
PORT STATE SERVICE
161/udp open snmp
| snmp-brute:
| my_community - Valid credentials
| my_community - Valid credentials
| my_community - Valid credentials
| my_community - Valid credentials
| my_community - Valid credentials
| my_community - Valid credentials
| my_community - Valid credentials
| my_community - Valid credentials
| my_community - Valid credentials
| my_community - Valid credentials
| my_community - Valid credentials
| my_community - Valid credentials
| my_community - Valid credentials
| my_community - Valid credentials
| my_community - Valid credentials
| my_community - Valid credentials
| my_community - Valid credentials
| my_community - Valid credentials
|
|_ my_community - Valid credentials
MAC Address: A0:B3:CC:F0:978:BC (Hewlett Packard)

The community is correct, but obviously there is some logic bug.

When I scan a single IP, two different things happen. With nmap 6.47, I get a correct output:

Nmap scan report for server.domain (10.0.0.5)
Host is up (-0.076s latency).
PORT STATE SERVICE
161/udp open snmp
| snmp-brute:
|_ my_community - Valid credentials

In another server, with nmap6.49Beta2, I get the following output in most cases:

Nmap scan report for server.domain (10.0.0.5)
Host is up (-0.076s latency).
PORT STATE SERVICE
161/udp open snmp
MAC Address: A0:B3:CC:F0:978:BC (Hewlett Packard)

So, in nmap 6.49Beta2, something seems to have broken snmp-brute. In a few cases, I do get the proper response, but I didn't get why this is so.

In all cases, all servers and targets are in the same L2 LAN, nothing is blocking communication (I get a proper response with snmpwalk), servers and targets are up-to-date Debian 7 installs.
Version information for my nmap installs:

Nmap version 6.47 ( http://nmap.org )
Platform: x86_64-unknown-linux-gnu
Compiled with: nmap-liblua-5.2.3 openssl-1.0.1e nmap-libpcre-7.6 nmap-libpcap-1.2.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

Nmap version 6.49BETA2 ( http://nmap.org )
Platform: x86_64-unknown-linux-gnu
Compiled with: nmap-liblua-5.2.3 openssl-1.0.1e libpcre-8.30 nmap-libpcap-1.7.3 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

In both cases I'm using compiled versions of nmap, not packaged versions.

Thank you,
Roberto Greiner
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/