Snmp/snmp login

From www.metasploit-es.com.ar

The "snmp_login" scanner is a module that scans a range of IP addresses to determine the community string for SNMP-enabled devices.

msf > use auxiliary/scanner/snmp/snmp_login
msf auxiliary(snmp_login) > show options

Module options:

   Name              Current Setting                                             Required  Description
   ----              ---------------                                             --------  -----------
   BATCHSIZE         256                                                         yes       The number of hosts to probe in each set
   BLANK_PASSWORDS   true                                                        yes       Try blank passwords for all users
   BRUTEFORCE_SPEED  5                                                           yes       How fast to bruteforce, from 0 to 5
   CHOST                                                                         no        The local client address
   PASSWORD                                                                      no        The password to test
   PASS_FILE         /opt/metasploit3/msf3/data/wordlists/snmp_default_pass.txt  no        File containing communities, one per line
   RHOSTS                                                                        yes       The target address range or CIDR identifier
   RPORT             161                                                         yes       The target port
   STOP_ON_SUCCESS   false                                                       yes       Stop guessing when a credential works for a host
   THREADS           1                                                           yes       The number of concurrent threads
   USERNAME                                                                      no        A specific username to authenticate as
   USERPASS_FILE                                                                 no        File containing users and passwords separated by space, one pair per line
   USER_FILE                                                                     no        File containing usernames, one per line
   VERBOSE           true                                                        yes       Whether to print output for all attempts

We set our RHOSTS and THREADS values, keep the default wordlist, and run the scanner.

msf auxiliary(snmp_login) > set RHOSTS 192.168.1.0/24
RHOSTS => 192.168.1.0/24
msf auxiliary(snmp_login) > set THREADS 254
THREADS => 254
msf auxiliary(snmp_login) > run

[+] SNMP: 192.168.1.2 community string: 'public' info: 'GSM7224 L2 Managed Gigabit Switch'
[+] SNMP: 192.168.1.199 community string: 'public' info: 'HP ETHERNET MULTI-ENVIRONMENT'
[+] SNMP: 192.168.1.2 community string: 'private' info: 'GSM7224 L2 Managed Gigabit Switch'
[+] SNMP: 192.168.1.199 community string: 'private' info: 'HP ETHERNET MULTI-ENVIRONMENT'
[*] Validating scan results from 2 hosts...
[*] Host 192.168.1.199 provides READ-WRITE access with community 'internal'
[*] Host 192.168.1.199 provides READ-WRITE access with community 'private'
[*] Host 192.168.1.199 provides READ-WRITE access with community 'public'
[*] Host 192.168.1.2 provides READ-WRITE access with community 'private'
[*] Host 192.168.1.2 provides READ-ONLY access with community 'public'
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(snmp_login) >

Our quick sweep found both the default public and private community strings on 2 devices on our network. This module can also be a useful tool for network administrators to identify attached devices that are insecurely configured.
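
For the administrator use mentioned above, the scanner output can be turned into a per-host remediation list. This is an added example, not part of the original page or of Metasploit: the names parse_scan and remediation_queue are this example's own, and it assumes the output line format shown in the run above.

```python
import ipaddress
import re
from collections import defaultdict

# Scanner output copied from the run shown above (status lines are ignored).
SCAN_OUTPUT = """\
[+] SNMP: 192.168.1.2 community string: 'public' info: 'GSM7224 L2 Managed Gigabit Switch'
[+] SNMP: 192.168.1.199 community string: 'public' info: 'HP ETHERNET MULTI-ENVIRONMENT'
[+] SNMP: 192.168.1.2 community string: 'private' info: 'GSM7224 L2 Managed Gigabit Switch'
[+] SNMP: 192.168.1.199 community string: 'private' info: 'HP ETHERNET MULTI-ENVIRONMENT'
[*] Validating scan results from 2 hosts...
[*] Host 192.168.1.199 provides READ-WRITE access with community 'internal'
[*] Host 192.168.1.199 provides READ-WRITE access with community 'private'
[*] Host 192.168.1.199 provides READ-WRITE access with community 'public'
[*] Host 192.168.1.2 provides READ-WRITE access with community 'private'
[*] Host 192.168.1.2 provides READ-ONLY access with community 'public'
"""

FOUND_RE = re.compile(r"^\[\+\] SNMP: (\S+) community string: '([^']*)' info: '(.*)'$")
ACCESS_RE = re.compile(
    r"^\[\*\] Host (\S+) provides (READ-WRITE|READ-ONLY) access with community '([^']*)'$")

def parse_scan(text):
    """Return {host: {"info": str or None, "communities": {name: access}}}."""
    hosts = defaultdict(lambda: {"info": None, "communities": {}})
    for line in text.splitlines():
        line = line.strip()
        if m := FOUND_RE.match(line):
            host, community, info = m.groups()
            hosts[host]["info"] = info
            # Access level is unknown until a validation line confirms it.
            hosts[host]["communities"].setdefault(community, "UNVALIDATED")
        elif m := ACCESS_RE.match(line):
            host, access, community = m.groups()
            hosts[host]["communities"][community] = access
    return dict(hosts)

def remediation_queue(hosts):
    """List (host, community, access, info), writable communities first."""
    rank = {"READ-WRITE": 0, "UNVALIDATED": 1, "READ-ONLY": 2}
    rows = [(h, c, a, d["info"])
            for h, d in hosts.items() for c, a in d["communities"].items()]
    return sorted(rows, key=lambda r: (rank[r[2]], ipaddress.ip_address(r[0]), r[1]))

if __name__ == "__main__":
    for host, community, access, info in remediation_queue(parse_scan(SCAN_OUTPUT)):
        print(f"{access:<11} {host:<15} {community!r:<10} {info}")
```

Each row is a device and community string to change or disable, with write-capable communities listed first.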


© Offensive Security 2009

Original from www.offensive-security.com
Translated by cbk999