Tools
5nmp
by Filip Waeytens
Platforms: Windows 2000, Windows XP
Categories: Auditing, Monitoring, Network, Network, Network Utilities, Passwords, Passwords, Recovery, Utilities
Version: 0.1
URL: http://www.remote-exploit.org/codes_5nmp.html
Background:

SNMP is the Simple Network Management Protocol. It is used by many if not most companies to manage and monitor their infrastructure. It is also often overlooked in terms of security and underestimated as an attack vector.

RFC1157.

Components:

The program is a GUI program, written in c#, so you'll need the .NET framework (3.5) and it will only work in MS Windows (Mono and Windows GUI components are a pain to make compatible for now).

It uses 2 DLL's that were written from scratch: the hacking.snmp and hacking.bruteforce.dll. The SNMP dll is not complete yet but whenever the author finds time it will be extended to support bulkget and extended ASN parsing, so enumeration will become possible as well as SET actions. You will also need to provide a dictionary for dictionary attacks. A very small one is included.

Generic usage:

The interface should be intuitive enough.

Use the slider to increase or decrease scanning speed. This is important to get accurate results. On a LAN the slider can be set to maximum speed. Behind a Natted broadband connection, caution is advised.

Devices such as ADSL modems aren't capable to deal with the large amount of packets and nat connections they generate. The program uses non-blocking udp sockets and a listener for answers, which makes it quite fast.

You can also set the destination port for devices which listen on non-standard ports (not 161) and set the listening port to make sure the packets get back ok in case of firewalls.

For optimal speed, turn off verbosity, errors and reverse lookups (only in case of maximum speed on a LAN).

Results can be saved in XML for further processing and loaded back.

    Tools
 
Comments Mode:


 

Privacy Statement
Copyright 2010, SecurityFocus