ADMsnmp.README

 ___ ______ _ _
 / \ | _ \ | \ / |
 | / \ | | | \ | | \_/ |
 | |___| | | |_ / | | \_/ |
..oO THE | --- | | / | | | | CreW Oo..
 ''' ''' ''''''' '''' ''''
 presents

 [ ADMsnmp v 0.1 ]
 * SNMP audit scanner *

ftp://ADM.isp.at/ADM/ADMsnmp.0.1.tar.gz
http://ADM.isp.at/ADM/ADMsmp.0.1.tar.gz
http://el8.org/~antilove/ADMsnmp.0.1.tar.gz

ADMsnmp is an snmpd audit scanner.
Do any of you know how weak and funny SNMP is?
You can obtain a great deal of useful info like admin names,
you can play with the interface of the router, reboot the machine,
get the password file of the router (Ascend), or execute commands remotely;
anyway, SNMP is a BIG hole.

ADMsnmp can brute force the SNMP community name (with a wordfile) or
generate a wordlist derived from the hostname.
ADMsnmp reports all valid community names found and tells you
whether writable access to the MIB has been obtained.

ADMsnmp is very easy to use and designed with speed in mind!

Here is an example session:

[root@ADM apps]# a.out 172.21.6.1 -wor snmp.passwd -sleep 1
ADMsnmp vbeta 0.1 (c) The ADM crew
ftp://ADM.isp.at/ADM/
greets: !ADM, el8.org, ansia
>>>>>>>>>>> get req name=root id = 2 >>>>>>>>>>>
>>>>>>>>>>> get req name=public id = 5 >>>>>>>>>>>
>>>>>>>>>>> get req name=private id = 8 >>>>>>>>>>>
>>>>>>>>>>> get req name=write id = 11 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 9 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>>> send setrequest id = 9 name = private >>>>>>>>
>>>>>>>>>>> get req name=admin id = 14 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 10 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>> get req name=proxy id = 17 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 140 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>> get req name=ascend id = 20 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 140 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>> get req name=cisco id = 23 >>>>>>>>>>>
>>>>>>>>>>> get req name=router id = 26 >>>>>>>>>>>
>>>>>>>>>>> get req name=shiva id = 29 >>>>>>>>>>>
>>>>>>>>>>> get req name=all private id = 32 >>>>>>>>>>>
>>>>>>>>>>> get req name= private id = 35 >>>>>>>>>>>
>>>>>>>>>>> get req name=access id = 38 >>>>>>>>>>>
>>>>>>>>>>> get req name=snmp id = 41 >>>>>>>>>>>


<!ADM!> snmp check on router.dream.on.it <!ADM!>
sys.sysName.0:router.dream.on.it
name = private write access

ADMsnmp informs you if it has write access to the MIB with the community name private.
snmpwalk <ip> <community name> and enjoy ;)
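
As an added illustration from the defender's side (this is not ADMsnmp code), the `ret` value printed above matches the SNMPv1 error-status codes (0 = noError, 2 = noSuchName), and the community name travels in cleartext in every request, so an agent's log or any on-path sensor can see exactly what the scanner is trying. The Python below builds constructed SNMPv1 packets mirroring the session, decodes those header fields, and flags a source that tries more than a handful of distinct community names; all packet bytes and addresses are constructed, not captured.

```python
from collections import defaultdict

PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse", 0xA3: "SetRequest"}
ERROR_STATUS = {0: "noError", 1: "tooBig", 2: "noSuchName", 3: "badValue", 4: "readOnly", 5: "genErr"}
SYSNAME_0 = bytes.fromhex("2b06010201010500")   # OID 1.3.6.1.2.1.1.5.0, the object the README queries

def _enc(tag, value):            # short-form BER TLV (value shorter than 128 bytes)
    return bytes([tag, len(value)]) + value

def _int(n):                     # BER INTEGER, two's complement, minimal length
    return _enc(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True))

def build_request(community, req_id, pdu_tag=0xA0, err=0):
    """Constructed SNMPv1 message with one sysName.0 varbind (test input, no real agent)."""
    varbinds = _enc(0x30, _enc(0x30, _enc(0x06, SYSNAME_0) + _enc(0x05, b"")))
    pdu = _enc(pdu_tag, _int(req_id) + _int(err) + _int(0) + varbinds)
    return _enc(0x30, _int(0) + _enc(0x04, community.encode()) + pdu)   # version 0 = SNMPv1

def _tlv(buf, pos):
    """Read one BER TLV at pos; returns (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:            # long-form length: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_snmpv1(pkt):
    """Header fields anyone on the path, or the agent's own log, can read in the clear."""
    _, msg, _ = _tlv(pkt, 0)                 # outer SEQUENCE
    _, _version, p = _tlv(msg, 0)
    _, community, p = _tlv(msg, p)
    pdu_tag, pdu, _ = _tlv(msg, p)
    _, req_id, q = _tlv(pdu, 0)
    _, err, _ = _tlv(pdu, q)
    return {"community": community.decode("latin-1"),
            "pdu": PDU_TYPES.get(pdu_tag, hex(pdu_tag)),
            "request_id": int.from_bytes(req_id, "big", signed=True),
            "error_status": ERROR_STATUS.get(int.from_bytes(err, "big", signed=True))}

def flag_guessers(packets, limit=3):
    """packets: (src_ip, raw) pairs; returns sources that tried more than limit community names."""
    seen = defaultdict(set)
    for src, raw in packets:
        seen[src].add(decode_snmpv1(raw)["community"])
    return sorted(src for src, names in seen.items() if len(names) > limit)

# Constructed traffic mirroring the README session: one source walks a wordlist,
# another host polls with a single community as a legitimate manager would.
SAMPLE = [("172.21.6.1", build_request(name, rid))
          for rid, name in ((2, "root"), (5, "public"), (8, "private"), (11, "write"))]
SAMPLE.append(("10.0.0.5", build_request("public", 1)))
```

A real deployment would feed `flag_guessers` from a packet capture on UDP/161 and add a time window; the threshold of three distinct names is an assumption chosen for the sample.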
64
Another example, ADMsnmp localhost -g (with the guessname option):
ADMsnmp vbeta 0.1 (c) The ADM crew
ftp://ADM.isp.at/ADM/
greets: !ADM, el8.org, ansia
>>>>>>>>>>> get req name=public id = 2 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 3 name = public ret =2 <<<<<<<<<<

>>>>>>>>>>> get req name=private id = 5 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 4 name = public ret =2 <<<<<<<<<<

>>>>>>>>>>> get req name=localhost95 id = 8 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 6 name = private ret =0 <<<<<<<<<<

>>>>>>>>>>>> send setrequest id = 6 name = private >>>>>>>>
>>>>>>>>>>> get req name=localhost96 id = 11 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 7 name = private ret =0 <<<<<<<<<<

>>>>>>>>>>> get req name=localhost97 id = 14 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 9 name = localhost95 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost98 id = 17 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 10 name = localhost95 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost99 id = 20 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 137 name = private ret =0 <<<<<<<<<<

>>>>>>>>>>> get req name=localhost0 id = 23 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 137 name = private ret =0 <<<<<<<<<<

>>>>>>>>>>> get req name=localhost1 id = 26 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 12 name = localhost96 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost2 id = 29 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 13 name = localhost96 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost3 id = 32 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 15 name = localhost97 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost4 id = 35 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 16 name = localhost97 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost5 id = 38 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 18 name = localhost98 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost6 id = 41 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 19 name = localhost98 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost7 id = 44 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 21 name = localhost99 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost8 id = 47 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 22 name = localhost99 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost9 id = 50 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 24 name = localhost0 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost10 id = 53 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 25 name = localhost0 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost00 id = 56 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 27 name = localhost1 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost01 id = 59 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 28 name = localhost1 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost02 id = 62 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 30 name = localhost2 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost03 id = 65 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 31 name = localhost2 ret =2 <<<<<<<<
>>>>>>>>>>> get req name=localhost04 id = 68 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 33 name = localhost3 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost05 id = 71 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 34 name = localhost3 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost06 id = 74 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 36 name = localhost4 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost07 id = 77 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 37 name = localhost4 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost08 id = 80 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 39 name = localhost5 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost09 id = 83 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 40 name = localhost5 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost10 id = 86 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 42 name = localhost6 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=LOCALHOST95 id = 89 >>>>>>>>>>>
 etc..


ADMsnmp is available on
ftp://ADM.isp.at/ADM/ADMsnmp.0.1.tar.gz
http://ADM.isp.at/ADM/ADMsmp.0.1.tar.gz
http://el8.org/~antilove/ADMsnmp.0.1.tar.gz

happy snmp walking :)

The ADM Crew
(thx to #as400 who helped me boot my as400)
