Nmap Development mailing list archives

Re: Bug in snmp-brute in nmap


From: Roberto Greiner <roberto () nead unesp br>
Date: Mon, 22 Jun 2015 08:37:52 -0300

I've downloaded the SVN today, and found that the problem reported below
has improved, but there are still some problems.

It no longer shows duplicate entries. Unfortunately, the IPv6 code is
not working. Most of the targets in the network have IPv6 addresses, and
snmp is working (verified with snmpwalk), but the snmp-brute script is
failing to scan those targets when the IPv6 address is used.

Roberto Greiner

On 20/06/2015 01:08, Daniel Miller wrote:
Roberto,

One of our Google Summer of Code interns, Gio, recently upgraded the
snmp-brute script and vastly improved it. His changes are not in
6.49BETA2, so it is possible that he fixed this bug, too. If so, we
could probably get his changes into the next release.

Can you please build the latest development version of Nmap [1] and
let us know if you still have the problem? Obrigado!

Dan

[1] https://nmap.org/book/install.html#inst-svn

On Fri, Jun 19, 2015 at 8:38 AM, Roberto Greiner
<roberto () nead unesp br> wrote:

    Hi,

    I'm having a problem with the snmp-brute plugin. When I scan a network
    range (say 10.0.0.0/24), I'm getting an output like this for most of
    the hits:
    Nmap scan report for server.domain (10.0.0.5)
    Host is up (-0.076s latency).
    PORT    STATE SERVICE
    161/udp open  snmp
    | snmp-brute:
    |   my_community - Valid credentials
    |   my_community - Valid credentials
    |   my_community - Valid credentials
    |   my_community - Valid credentials
    |   my_community - Valid credentials
    |   my_community - Valid credentials
    |   my_community - Valid credentials
    |   my_community - Valid credentials
    |   my_community - Valid credentials
    |   my_community - Valid credentials
    |   my_community - Valid credentials
    |   my_community - Valid credentials
    |   my_community - Valid credentials
    |   my_community - Valid credentials
    |   my_community - Valid credentials
    |   my_community - Valid credentials
    |   my_community - Valid credentials
    |   my_community - Valid credentials
    |_  my_community - Valid credentials
    MAC Address: A0:B3:CC:F0:978:BC (Hewlett Packard)

    The community is correct, but obviously there is some logic bug.
    When I scan a single IP, two different things happen. With nmap 6.47,
    I get a correct output:
    Nmap scan report for server.domain (10.0.0.5)
    Host is up (-0.076s latency).
    PORT    STATE SERVICE
    161/udp open  snmp
    | snmp-brute:
    |_  my_community - Valid credentials


    On another server, with nmap 6.49Beta2, I get the following output in
    most cases:
    Nmap scan report for server.domain (10.0.0.5)
    Host is up (-0.076s latency).
    PORT    STATE SERVICE
    161/udp open  snmp
    MAC Address: A0:B3:CC:F0:978:BC (Hewlett Packard)

    So, in nmap 6.49Beta2, something seems to have broken snmp-brute. In a
    few cases, I do get the proper response, but I didn't get why this is so.

    In all cases, all servers and targets are in the same L2 LAN, nothing
    is blocking communication (I get a proper response with snmpwalk),
    servers and targets are up-to-date Debian 7 installs. Version
    information for my nmap installs:
    Nmap version 6.47 ( http://nmap.org )
    Platform: x86_64-unknown-linux-gnu
    Compiled with: nmap-liblua-5.2.3 openssl-1.0.1e nmap-libpcre-7.6
    nmap-libpcap-1.2.1 nmap-libdnet-1.12 ipv6
    Compiled without:
    Available nsock engines: epoll poll select

    Nmap version 6.49BETA2 ( http://nmap.org )
    Platform: x86_64-unknown-linux-gnu
    Compiled with: nmap-liblua-5.2.3 openssl-1.0.1e libpcre-8.30
    nmap-libpcap-1.7.3 nmap-libdnet-1.12 ipv6
    Compiled without:
    Available nsock engines: epoll poll select

    In both cases I'm using compiled versions of nmap, not packaged
    versions.

    Thank you,

    Roberto Greiner

    --
      -----------------------------------------------------
                    Marcos Roberto Greiner

       Optimists think that we are in the best of all worlds
        Pessimists fear that this is true
                                      James Branch Cabell
      -----------------------------------------------------


    _______________________________________________
    Sent through the dev mailing list
    https://nmap.org/mailman/listinfo/dev
    Archived at http://seclists.org/nmap-dev/




-- 
  -----------------------------------------------------
                Marcos Roberto Greiner

   Optimists think that we are in the best of all worlds
    Pessimists fear that this is true
                                  James Branch Cabell
  -----------------------------------------------------
