Penetration Testing mailing list archives

Re: [PEN-TEST] Q: How do I use SNMP to set IP of a remote network interface?


From: H Carvey <keydet89 () YAHOO COM>
Date: Fri, 9 Mar 2001 12:02:43 -0000

I prefer to use a far simpler approach, in order 
to demonstrate the 'low hanging' fruit.  For 
example, I like to use Perl, and there is a great 
little SNMP module on CPAN (named 'Net::SNMP') 
that is written in pure Perl...no UCD SNMP 
utilities required.  The POD includes examples of 
getting the sysUpTime and setting the sysContact.  
We now have an exploit that is within the grasp of 
anyone with even Win9x and a modem.

I've used this to change the sysContact as a 
demonstration of the read-write community string 
being left as the default, or changed to an easily 
guessed string.  I think that the demo has greater 
impact when you can show how easily 
accessible it is, even to the general population 
of script kiddies.

Now, on to your question.  The OID (object 
identifier) you are looking for appears in MIB-II, 
in both the at and ip groups.  However, according 
to "SNMP, SNMPv2, and RMON" by Stallings, only the 
object in the at (address translation) group is 
writeable.

Now all you need is the full OID of the specific 
interface you want to affect.

K

> I'd like to be able to prove to people that SNMP private community is
> indeed a dangerous vulnerability.
> For a simple demonstration I'd like to be able to use my SNMP management
> package's "snmpset" command (<ftp://ucd-snmp.ucdavis.edu/ucd-snmp.tar.gz>)
> to change an IP address on a remote HP-UX 11.0 test system. In addition to
> HP-UX I would like to do the demo with a Windows NT 4 targeted test system.
> Is this possible and does anyone know how I would do it? (using any SNMP
> management console)
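
A defensive check for the condition the message above describes (a read-write community string left at its default or set to an easily guessed value), added here as an example and not part of the original post: it audits an agent configuration written in Net-SNMP's snmpd.conf syntax. The sample configuration, the weak-string list and the function name audit_snmpd_conf are assumptions made for illustration.

```python
import re

# Community strings treated as default or easily guessed (constructed list, an assumption).
WEAK = {"public", "private", "admin", "snmp", "write", "secret", "community"}

# Constructed sample in Net-SNMP snmpd.conf syntax; not taken from any real host.
SAMPLE_CONF = """\
# constructed example configuration
rocommunity public
rwcommunity private
rwcommunity Xk9-vT2qLm7Rz 192.0.2.10
rwcommunity netops 192.0.2.0/24
syscontact noc@example.invalid
"""

def audit_snmpd_conf(text):
    """Return (line_no, directive, reasons) for each risky community line."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        fields = line.split()
        if len(fields) < 2 or not re.fullmatch(r"r[ow]community6?", fields[0]):
            continue
        directive, community = fields[0], fields[1]
        # A missing SOURCE field means "default", i.e. any address may use the string.
        source = fields[2] if len(fields) > 2 else "default"
        writable = directive.startswith("rw")
        reasons = []
        if community.lower() in WEAK:
            reasons.append("default or easily guessed community string")
        elif len(community) < 8:
            reasons.append("short community string")
        if writable and source == "default":
            reasons.append("read-write access not restricted to a source address")
        # The community string itself is never echoed into the findings.
        if reasons:
            findings.append((no, directive, reasons))
    return findings

if __name__ == "__main__":
    for no, directive, reasons in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {no}: {directive}: " + "; ".join(reasons))
```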

