athena-2k.pl
Platforms:
Perl (any system supporting perl)
Categories:
Auditing,
Host,
System Security Management,
Windows NT
Version:
URL: http://www.sps.lane.edu/~jshaw
This tool is a ~600 line PERL script that utilizes the Net::SNMP module. It's purpose is to retrieve A LOT of information out of a remote Windows 2000 machine running the SNMP Service with a known community string. I may or may not get around to making it work alright with Windows NT 4, currently it does not. It queries/walks a predefined set of SNMP OIDs, and displays the return values in a nice, formatted ASCII output. I find it to be quite speedy. It's a snapshot of my work so far, most of it being sheer research (trying to find exciting, new OIDs, and THEN finding out what exactly, they're returning that can be useful ;-) )
I think many people will be suprised at the amount of information the SNMP Service shares with the world on a misconfigured (read: default) setup. Among the items one can retrieve from such a server is:
- Server Name & Primary Domain/Workgroup
- OS version, CPU type (& if it's Multiprocessor or not)
- SNMP Contact & Location information (If defined)
- System uptime
- System date/time
- List of all user accounts
- Total RAM
- Storage devices, volume label, device type, & partition type
- Running processes & process id's
- Installed applications & the date they were each installed
- List of services
- List of network interfaces (Description, HW Address, Int Speed, IP address, netmask, Bytes In/Out, Status)
- List of all share names, file system location, & comments
- Routing table
- TCP connections & listening ports
- UDP listening ports
