Re: snmp vulnerablities

From: Ron Russell (ronat_private)
Date: Mon Jul 16 2001 - 10:14:07 PDT

Next message: Javier Fernandez-Sanguino Peña: "NEW IIS tools"

Previous message: Jose Desseno ( Infobyte Security Research ): "RE: Finding PC Anywhere on Client Machines"
In reply to: H Carvey: "Re: snmp vulnerablities"
Next in thread: H C: "Re: snmp vulnerablities"
Reply: H C: "Re: snmp vulnerablities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

SNMP can also be used to write configuration parameters to Cisco Routers as
well (assuming you have the read/write community string).  I have actually
successfully downloaded a router config, unencrypted the hash for the
passwords, and telnetted into the router.  I'm sure that there are multiple
other security vulnerabilities here as well.

Ron Russell - MCSE, CCNA, CNE
480-6-Buddha
Silicon Buddha LLC
Enlightened Network Services
www.siliconbuddha.com
Offering Free Vulnerability Assessments from the deserts of Phoenix Arizona
----- Original Message -----
From: "H Carvey" <keydet89at_private>
To: <pen-testat_private>
Sent: Saturday, July 14, 2001 6:50 AM
Subject: Re: snmp vulnerablities


> Hi there. how do you exploit or gain access
from vulnerable host using snmp
vulnerablities. I've tried to used this command
but its not work :
>

I'm not sure why you would try sending 'echo'
commands to the SNMP agent...do any agents
have a vulnerability that will allow them to
write to the drive?

I have always seen SNMP as a great recon
protocol, especially when it is misconfigured
(ie, default community strings, no restrictions
on management stations, etc).  On Win2K, you
can enum usernames, services, TCP/UDP info,
etc.

Systems running SNMP can divulge
information...if they are misconfigured.  This
is why many people call SNMP a 'dangerous'
protocol.  As with anything else, some simple
configuration steps can fix that.  Yes, if
someone installs a sniffer and captures some
datagrams containing your SNMPv1 read-write
community string, you could most definitely
have problems (though I doubt that those
problems include the ability to write to the
drive).  However, if someone is able to load a
sniffer on your network, you've got other
problems to worry about...

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Javier Fernandez-Sanguino Peña: "NEW IIS tools"
Previous message: Jose Desseno ( Infobyte Security Research ): "RE: Finding PC Anywhere on Client Machines"
In reply to: H Carvey: "Re: snmp vulnerablities"
Next in thread: H C: "Re: snmp vulnerablities"
Reply: H C: "Re: snmp vulnerablities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 16 2001 - 11:16:31 PDT