Penetration Testing mailing list archives
Re: snmp vulnerablities
From: "Ron Russell" <ron () siliconbuddha com>
Date: Mon, 16 Jul 2001 10:14:07 -0700
SNMP can also be used to write configuration parameters to Cisco Routers as well (assuming you have the read/write community string). I have actually successfully downloaded a router config, unencrypted the hash for the passwords, and telnetted into the router. I'm sure that there are multiple other security vulnerabilities here as well. Ron Russell - MCSE, CCNA, CNE 480-6-Buddha Silicon Buddha LLC Enlightened Network Services www.siliconbuddha.com Offering Free Vulnerability Assessments from the deserts of Phoenix Arizona ----- Original Message ----- From: "H Carvey" <keydet89 () yahoo com> To: <pen-test () securityfocus com> Sent: Saturday, July 14, 2001 6:50 AM Subject: Re: snmp vulnerablities
Hi there. how do you exploit or gain access
from vulnerable host using snmp vulnerablities. I've tried to used this command but its not work :
I'm not sure why you would try sending 'echo' commands to the SNMP agent...do any agents have a vulnerability that will allow them to write to the drive? I have always seen SNMP as a great recon protocol, especially when it is misconfigured (ie, default community strings, no restrictions on management stations, etc). On Win2K, you can enum usernames, services, TCP/UDP info, etc. Systems running SNMP can divulge information...if they are misconfigured. This is why many people call SNMP a 'dangerous' protocol. As with anything else, some simple configuration steps can fix that. Yes, if someone installs a sniffer and captures some datagrams containing your SNMPv1 read-write community string, you could most definitely have problems (though I doubt that those problems include the ability to write to the drive). However, if someone is able to load a sniffer on your network, you've got other problems to worry about... ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- snmp vulnerablities slash underground (Jul 13)
- <Possible follow-ups>
- Re: snmp vulnerablities H Carvey (Jul 16)
- Re: snmp vulnerablities Ron Russell (Jul 16)
- Re: snmp vulnerablities H C (Jul 16)
- Re: snmp vulnerablities Ron Russell (Jul 16)
- Re: snmp vulnerablities mht (Jul 17)
- Re: snmp vulnerablities Jon DeShirley (Jul 17)
- Re: snmp vulnerablities Peter Van Epp (Jul 17)
- Re: snmp vulnerablities mht (Jul 17)
- Re: snmp vulnerablities Dave Ryan (Jul 17)
- Re: snmp vulnerablities Ron Russell (Jul 16)
- Re: snmp vulnerablities Ron Russell (Jul 17)