ADMsnmp.README


                      ___      ______      _       _
                    /     \   |   _   \   |  \   /  |
                   |  / \  |  |  |  \  |  |   \_/   |
                   | |___| |  |  |_ /  |  |   \_/   |
..oO  THE          |  ---  |  |       /   |  |   |  |         CreW Oo..
                   '''   '''   '''''''    ''''   ''''
                               presents

                         [ ADMsnmp v 0.1 ]
                      * SNMP audit scanner *

ftp://ADM.isp.at/ADM/ADMsnmp.0.1.tar.gz
http://ADM.isp.at/ADM/ADMsmp.0.1.tar.gz
http://el8.org/~antilove/ADMsnmp.0.1.tar.gz

ADMsnmp is an snmpd audit scanner.
Any of you know how weak and funny snmp is?
You can obtain a great deal of useful info like admin names,
you can play with the interface of the router, reboot the machine,
get the password file of the router (Ascend), or execute commands remotely,
anyway snmp is a BIG hole.

ADMsnmp can brute force the snmp community name (with a wordfile) or
make a wordfile list derived from the hostname.
ADMsnmp can report to you all valid community
names found and inform you if writable access to the MIB has been attained.

ADMsnmp is very easy to use and designed with speed in mind!

Here is an example session:

[root@ADM apps]# a.out  172.21.6.1  -wor snmp.passwd -sleep 1
ADMsnmp vbeta 0.1 (c) The ADM crew
ftp://ADM.isp.at/ADM/
greets: !ADM, el8.org, ansia
>>>>>>>>>>> get req name=root  id = 2 >>>>>>>>>>>
>>>>>>>>>>> get req name=public   id = 5 >>>>>>>>>>>
>>>>>>>>>>> get req name=private  id = 8 >>>>>>>>>>>
>>>>>>>>>>> get req name=write  id = 11 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 9 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>>> send setrequest id = 9 name = private >>>>>>>>
>>>>>>>>>>> get req name=admin  id = 14 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 10 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>> get req name=proxy  id = 17 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 140 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>> get req name=ascend  id = 20 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 140 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>> get req name=cisco  id = 23 >>>>>>>>>>>
>>>>>>>>>>> get req name=router  id = 26 >>>>>>>>>>>
>>>>>>>>>>> get req name=shiva  id = 29 >>>>>>>>>>>
>>>>>>>>>>> get req name=all private  id = 32 >>>>>>>>>>>
>>>>>>>>>>> get req name= private  id = 35 >>>>>>>>>>>
>>>>>>>>>>> get req name=access  id = 38 >>>>>>>>>>>
>>>>>>>>>>> get req name=snmp  id = 41 >>>>>>>>>>>


<!ADM!>         snmp check on router.dream.on.it                <!ADM!>
sys.sysName.0:router.dream.on.it
name = private write access

ADMsnmp informs you if it has write access to the MIB with the community name private.
snmpwalk <ip> <community name>  and enjoy ;)

Another example: ADMsnmp localhost -g  (with the guessname option)
ADMsnmp vbeta 0.1 (c) The ADM crew
ftp://ADM.isp.at/ADM/
greets: !ADM, el8.org, ansia
>>>>>>>>>>> get req name=public   id = 2 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 3 name = public  ret =2 <<<<<<<<<<

>>>>>>>>>>> get req name=private  id = 5 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 4 name = public  ret =2 <<<<<<<<<<

>>>>>>>>>>> get req name=localhost95  id = 8 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 6 name = private ret =0 <<<<<<<<<<

>>>>>>>>>>>> send setrequest id = 6 name = private >>>>>>>>
>>>>>>>>>>> get req name=localhost96  id = 11 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 7 name = private ret =0 <<<<<<<<<<

>>>>>>>>>>> get req name=localhost97  id = 14 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 9 name = localhost95 ret =2 <<<<<<<<
<<
>>>>>>>>>>> get req name=localhost98  id = 17 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 10 name = localhost95 ret =2 <<<<<<<
<<<
>>>>>>>>>>> get req name=localhost99  id = 20 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 137 name = private ret =0 <<<<<<<<<<

>>>>>>>>>>> get req name=localhost0  id = 23 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 137 name = private ret =0 <<<<<<<<<<

>>>>>>>>>>> get req name=localhost1  id = 26 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 12 name = localhost96 ret =2 <<<<<<<
<<<
>>>>>>>>>>> get req name=localhost2  id = 29 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 13 name = localhost96 ret =2 <<<<<<<
<<<
>>>>>>>>>>> get req name=localhost3  id = 32 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 15 name = localhost97 ret =2 <<<<<<<
<<<
>>>>>>>>>>> get req name=localhost4  id = 35 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 16 name = localhost97 ret =2 <<<<<<<
<<<
>>>>>>>>>>> get req name=localhost5  id = 38 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 18 name = localhost98 ret =2 <<<<<<<
<<<
>>>>>>>>>>> get req name=localhost6  id = 41 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 19 name = localhost98 ret =2 <<<<<<<
<<<
>>>>>>>>>>> get req name=localhost7  id = 44 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 21 name = localhost99 ret =2 <<<<<<<
<<<
>>>>>>>>>>> get req name=localhost8  id = 47 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 22 name = localhost99 ret =2 <<<<<<<
<<<
>>>>>>>>>>> get req name=localhost9  id = 50 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 24 name = localhost0 ret =2 <<<<<<<<
<<
>>>>>>>>>>> get req name=localhost10  id = 53 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 25 name = localhost0 ret =2 <<<<<<<<
<<
>>>>>>>>>>> get req name=localhost00  id = 56 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 27 name = localhost1 ret =2 <<<<<<<<
<<
>>>>>>>>>>> get req name=localhost01  id = 59 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 28 name = localhost1 ret =2 <<<<<<<<
<<
>>>>>>>>>>> get req name=localhost02  id = 62 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 30 name = localhost2 ret =2 <<<<<<<<
<<
>>>>>>>>>>> get req name=localhost03  id = 65 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 31 name = localhost2 ret =2 <<<<<<<<
>>>>>>>>>>> get req name=localhost04  id = 68 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 33 name = localhost3 ret =2 <<<<<<<<
<<
>>>>>>>>>>> get req name=localhost05  id = 71 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 34 name = localhost3 ret =2 <<<<<<<<
<<
>>>>>>>>>>> get req name=localhost06  id = 74 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 36 name = localhost4 ret =2 <<<<<<<<
<<
>>>>>>>>>>> get req name=localhost07  id = 77 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 37 name = localhost4 ret =2 <<<<<<<<
<<
>>>>>>>>>>> get req name=localhost08  id = 80 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 39 name = localhost5 ret =2 <<<<<<<<
<<
>>>>>>>>>>> get req name=localhost09  id = 83 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 40 name = localhost5 ret =2 <<<<<<<<
<<
>>>>>>>>>>> get req name=localhost10  id = 86 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 42 name = localhost6 ret =2 <<<<<<<<
<<
>>>>>>>>>>> get req name=LOCALHOST95  id = 89 >>>>>>>>>>>
 etc..
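
Seen from the defending side, both sessions above leave the same trace on the agent: one source trying many different community names in a short time, some of them the hostname with digits appended. The Python below is an added example, not part of ADMsnmp or the original README; the event tuples are constructed sample data assumed to be already extracted from agent logs or a packet capture, and detect_guessing, window and threshold are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample events: (epoch seconds, source IP, community, accepted by agent?)
# Assumption: already extracted from snmpd logs or a packet capture.
EVENTS = [
    (100, "192.0.2.10", "public", False),
    (101, "192.0.2.10", "router95", False),
    (102, "192.0.2.10", "router96", False),
    (103, "192.0.2.10", "ROUTER95", False),
    (104, "192.0.2.10", "cisco", False),
    (105, "192.0.2.10", "private", True),
    (100, "198.51.100.7", "monitor", True),   # legitimate poller, one community
    (400, "198.51.100.7", "monitor", True),
]

def detect_guessing(events, hostname, window=60, threshold=5):
    """Flag sources that try >= threshold distinct communities within window seconds."""
    # Guesses built from the device name plus digits, in any letter case
    derived = re.compile(re.escape(hostname) + r"\d+", re.IGNORECASE)
    by_src = defaultdict(list)
    for ts, src, community, accepted in sorted(events):
        by_src[src].append((ts, community, accepted))
    findings = {}
    for src, rows in by_src.items():
        start, worst = 0, set()
        for end in range(len(rows)):
            # Slide the left edge until the span covers at most `window` seconds
            while rows[end][0] - rows[start][0] > window:
                start += 1
            distinct = {c for _, c, _ in rows[start:end + 1]}
            if len(distinct) > len(worst):
                worst = distinct
        if len(worst) >= threshold:
            findings[src] = {
                "distinct": len(worst),
                "hostname_derived": sorted(c for c in worst if derived.fullmatch(c)),
                # Communities the agent accepted from this source: rotate these
                "accepted": sorted({c for _, c, ok in rows if ok}),
            }
    return findings

if __name__ == "__main__":
    for src, info in detect_guessing(EVENTS, "router").items():
        print(src, info)
```

A source that appears in the result with a non-empty "accepted" list found a working community name, so that name should be changed and access to the agent restricted by source address.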


ADMsnmp is available on
ftp://ADM.isp.at/ADM/ADMsnmp.0.1.tar.gz
http://ADM.isp.at/ADM/ADMsmp.0.1.tar.gz
http://el8.org/~antilove/ADMsnmp.0.1.tar.gz

happy snmp walking :)

The ADM Crew
(thx to #as400 who helped me to boot my as400 )
