Two SNMP penetration scripts
About SNMP
SNMP stands for Simple Network Management Protocol. Many network devices, such as switches, routers, and firewalls, enable this protocol. The default port is 161. The risk lies in the SNMP community strings. If attackers obtain the community string of a network device, they can obtain the device information or even the device password. The most common default community strings are public (read-only) and private (read/write). In addition, many manufacturers have their own private default community strings. Some form of default community string can be found on almost all network devices running SNMP.
Cisc0wn
This is an attack script against Cisco routers and switches that have SNMP enabled. With this script, you can brute-force the community string, download the configuration file, and crack the passwords.
Usage
./Cisc0wn.sh
Function
Checks whether SNMP is enabled on the router
Brute-forces SNMP community strings (you can customize the dictionary)
Uses the community strings to list the IOS version, hostname, ARP table, and route table of the router
If the read-write community string is guessed, the router configuration is automatically downloaded
Searches for and displays the telnet password in plaintext
Automatically decrypts Cisco type 7 passwords
Displays the type 5 (MD5) encrypted passwords
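Each function above corresponds to a weakness that is visible in the device configuration itself. The following is an added example, not part of Cisc0wn or the original page: a small auditor that flags those weaknesses in an IOS-style configuration. The name audit_config, the severity labels, and the sample configuration are constructed for illustration.

```python
import re

DEFAULT_COMMUNITIES = {"public", "private"}  # the defaults named on this page
COMMUNITY = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)?(?: (ro|rw))?(?: (\S+))?$", re.I)
CREDENTIAL = re.compile(r"\b(?:password|secret) (?:(\d) )?\S+")
CREDENTIAL_FINDINGS = {
    "0": ("high", "password stored in plaintext"),
    "7": ("high", "type 7 password is reversible obfuscation"),
    "5": ("medium", "type 5 MD5 hash can be guessed offline if the config leaks"),
}

def audit_config(text):
    """Return (line_no, severity, message) findings for an IOS-style config."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = COMMUNITY.match(line)
        if m:
            name, acl = m.group(1), m.group(3)
            mode = (m.group(2) or "ro").lower()  # IOS defaults to read-only
            if name.lower() in DEFAULT_COMMUNITIES:
                findings.append((no, "high", "default community string"))
            if acl is None:  # no access list restricts which hosts may query
                sev = "high" if mode == "rw" else "medium"
                label = "read-write" if mode == "rw" else "read-only"
                findings.append((no, sev, label + " community without ACL"))
            continue
        m = CREDENTIAL.search(line)
        if m and (m.group(1) or "0") in CREDENTIAL_FINDINGS:
            # No type digit means the value is stored as typed (type 0).
            findings.append((no,) + CREDENTIAL_FINDINGS[m.group(1) or "0"])
    return findings

# Constructed sample configuration; all values are placeholders.
SAMPLE_CONFIG = """\
hostname lab-rtr1
enable secret 5 $1$EXAMPLE$constructedhashvalue000
enable password 7 000000000000
snmp-server community public RO
snmp-server community n0tdefault RW
snmp-server community m0nitor RO 10
line vty 0 4
 password labtelnet
"""

if __name__ == "__main__":
    for no, sev, msg in audit_config(SAMPLE_CONFIG):
        print(f"line {no}: [{sev}] {msg}")
```

A community that is non-default, read-only, and bound to an access list (line 6 of the sample) produces no finding.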
Environment required
Metasploit
Preferably on Kali and BackTrack 5
H3c-pt-tools
Penetration tests and audits can be performed on devices from Huawei, HP, and H3C. You can use the nmap script and msf module to perform automated SNMP attacks.