..oO THE ADM CreW Oo.. presents

[ ADMsnmp v 0.1 ]
* SNMP audit scanner *

ftp://ADM.isp.at/ADM/ADMsnmp.0.1.tar.gz
http://ADM.isp.at/ADM/ADMsmp.0.1.tar.gz
http://el8.org/~antilove/ADMsnmp.0.1.tar.gz

ADMsnmp is an snmpd audit scanner. Any of you know how weak and funny snmp is? You can obtain a great deal of useful info like admin names, you can play with the interface of the router, reboot the machine, get the password file of the router (Ascend), or execute commands remotely; anyway, snmp is a BIG hole.

ADMsnmp can brute force the snmp community name (with a wordfile) or make a wordfile list derived from the hostname. ADMsnmp can report to you all valid community names found and inform you if writable access to the MIB has been attained.

ADMsnmp is very easy to use and designed with speed in mind!

Here is an example session:

[root@ADM apps]# a.out 172.21.6.1 -wor snmp.passwd -sleep 1
ADMsnmp vbeta 0.1 (c) The ADM crew ftp://ADM.isp.at/ADM/
greets: !ADM, el8.org, ansia
>>>>>>>>>>> get req name=root id = 2 >>>>>>>>>>>
>>>>>>>>>>> get req name=public id = 5 >>>>>>>>>>>
>>>>>>>>>>> get req name=private id = 8 >>>>>>>>>>>
>>>>>>>>>>> get req name=write id = 11 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 9 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>>> send setrequest id = 9 name = private >>>>>>>>
>>>>>>>>>>> get req name=admin id = 14 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 10 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>> get req name=proxy id = 17 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 140 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>> get req name=ascend id = 20 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 140 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>> get req name=cisco id = 23 >>>>>>>>>>>
>>>>>>>>>>> get req name=router id = 26 >>>>>>>>>>>
>>>>>>>>>>> get req name=shiva id = 29 >>>>>>>>>>>
>>>>>>>>>>> get req name=all private id = 32 >>>>>>>>>>>
>>>>>>>>>>> get req name= private id = 35 >>>>>>>>>>>
>>>>>>>>>>> get req name=access id = 38 >>>>>>>>>>>
>>>>>>>>>>> get req name=snmp id = 41 >>>>>>>>>>>
<!ADM!> snmp check on router.dream.on.it <!ADM!>
sys.sysName.0:router.dream.on.it name = private write access

ADMsnmp informs you if it has write access to the MIB with the community name private.

snmpwalk <ip> <community name> and enjoy ;)

Another example: ADMsnmp localhost -g (with the guessname option)

ADMsnmp vbeta 0.1 (c) The ADM crew ftp://ADM.isp.at/ADM/
greets: !ADM, el8.org, ansia
>>>>>>>>>>> get req name=public id = 2 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 3 name = public ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=private id = 5 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 4 name = public ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost95 id = 8 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 6 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>>> send setrequest id = 6 name = private >>>>>>>>
>>>>>>>>>>> get req name=localhost96 id = 11 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 7 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost97 id = 14 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 9 name = localhost95 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost98 id = 17 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 10 name = localhost95 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost99 id = 20 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 137 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost0 id = 23 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 137 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost1 id = 26 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 12 name = localhost96 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost2 id = 29 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 13 name = localhost96 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost3 id = 32 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 15 name = localhost97 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost4 id = 35 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 16 name = localhost97 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost5 id = 38 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 18 name = localhost98 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost6 id = 41 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 19 name = localhost98 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost7 id = 44 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 21 name = localhost99 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost8 id = 47 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 22 name = localhost99 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost9 id = 50 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 24 name = localhost0 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost10 id = 53 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 25 name = localhost0 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost00 id = 56 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 27 name = localhost1 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost01 id = 59 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 28 name = localhost1 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost02 id = 62 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 30 name = localhost2 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost03 id = 65 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 31 name = localhost2 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost04 id = 68 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 33 name = localhost3 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost05 id = 71 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 34 name = localhost3 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost06 id = 74 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 36 name = localhost4 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost07 id = 77 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 37 name = localhost4 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost08 id = 80 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 39 name = localhost5 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost09 id = 83 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 40 name = localhost5 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost10 id = 86 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 42 name = localhost6 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=LOCALHOST95 id = 89 >>>>>>>>>>>
etc..

ADMsnmp is available on
ftp://ADM.isp.at/ADM/ADMsnmp.0.1.tar.gz
http://ADM.isp.at/ADM/ADMsmp.0.1.tar.gz
http://el8.org/~antilove/ADMsnmp.0.1.tar.gz

Happy snmp walking :)

The ADM Crew
(thx to #as400 who helped me to boot my as400)
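An added example, not part of ADMsnmp or the original post, for an auditor reading a session in the output format shown above: it summarises which community names the agent answered at all, which SNMPv1 error status each reply carried, and which name the tool reported as having write access. The sample lines, host name, ids and community names are constructed for the example.

```python
import re

# Constructed sample in the format ADMsnmp prints (modelled on the sessions
# above); host name, ids and community names here are made up.
SAMPLE = """\
>>>>>>>>>>> get req name=public id = 2 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 3 name = public ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=private id = 5 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 6 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>>> send setrequest id = 6 name = private >>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 7 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>> get req name=cisco id = 8 >>>>>>>>>>>
<!ADM!> snmp check on router.example.test <!ADM!>
sys.sysName.0:router.example.test name = private write access
"""

GET_RE = re.compile(r"get req name=(.*?) id = \d+")
RECV_RE = re.compile(r"recv snmpd paket id = \d+ name = (.+?) ret =(\d+)")
WRITE_RE = re.compile(r"name = (.+?) write access$")

# SNMPv1 error-status values from RFC 1157.
ERROR_STATUS = {0: "noError", 1: "tooBig", 2: "noSuchName",
                3: "badValue", 4: "readOnly", 5: "genErr"}

def _entry(summary, name):
    return summary.setdefault(name, {"replies": 0, "status": set(), "write": False})

def parse_admsnmp(output):
    """Per community tried: number of replies, the error statuses they carried,
    and whether the tool printed its 'write access' line for that name."""
    summary = {}
    for line in output.splitlines():
        line = line.strip()
        if m := GET_RE.search(line):
            _entry(summary, m.group(1))
        elif m := RECV_RE.search(line):
            entry = _entry(summary, m.group(1))
            entry["replies"] += 1
            code = int(m.group(2))
            entry["status"].add(ERROR_STATUS.get(code, f"unknown({code})"))
        elif m := WRITE_RE.search(line):
            _entry(summary, m.group(1))["write"] = True
    return summary

def accepted_communities(summary):
    """An SNMPv1 agent discards requests whose community it does not accept, so
    ANY reply, even one with noSuchName, means the name is valid on that agent;
    only the tool's 'write access' line shows that a SET succeeded."""
    return sorted(name for name, e in summary.items() if e["replies"] > 0)

if __name__ == "__main__":
    s = parse_admsnmp(SAMPLE)
    for name in accepted_communities(s):
        e = s[name]
        print(f"{name}: {e['replies']} replies, {sorted(e['status'])}, write={e['write']}")
```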
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:35:28 PDT