It's been bugging me for a while how poorly the SNMP NSE library
handled community strings. Essentially, there is a single place in the
registry to store a community string, regardless of whether different
hosts have different communities. The snmp-brute script overwrites
this single place (nmap.registry.snmpcommunity) every time it finishes
a host, so the scripts that rely on it to set the community could be
using the wrong one.
The attached patch adds a Helper class to handle choosing the
community and all the socket communication. Now the discovered
communities are stored in host.registry.snmpcommunity, so each host
can be handled separately. Moving all the socket communication into
the library means this patch actually reduces the number of lines of
code in NSE.
This patch should probably be modified to use the creds library to store and retrieve these credentials. This would allow storing multiple per-service community strings (e.g. read and write both).
snmp-interfaces and the other snmp-* scripts will need to be modified to
pull from the creds library.
snmp-brute will be made a dependency for the snmp-* scripts so that they
wait until it is finished before they run. Otherwise they will run
concurrently and will finish before snmp-brute has populated the creds.
Finally I figured out what the problem is: it seems the first argument to Credentials:new(...) is not just for debug but is some kind of name for the credential storage, so it's not a good idea to use SCRIPT_NAME; at least in our case it breaks stuff, and definitely breaks credential sharing between scripts. The documentation doesn't explain this clearly.
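The arrangement described across this thread (snmp-brute storing what it finds per host through the creds library, the snmp-* scripts declaring snmp-brute as a dependency and reading the same storage name back) as an added sketch. This is not the patch under discussion and not Nmap's own code. Assumptions not taken from the thread: the probe sends a GetRequest for sysDescr.0 built with nselib/snmp and a three-entry candidate list stands in for the real wordlist; both sides agree on the literal storage name "snmp-brute"; the two scripts are shown back to back in one block but would live in two .nse files.

```lua
-- Added example, not the patch under discussion and not Nmap's own code.
-- Producer and consumer are two separate NSE scripts, shown back to back.

------------------------------------------------------------------
-- file: snmp-brute.nse (abridged producer)
------------------------------------------------------------------
local creds     = require "creds"
local nmap      = require "nmap"
local shortport = require "shortport"
local snmp      = require "snmp"
local stdnse    = require "stdnse"

portrule = shortport.port_or_service(161, "snmp", "udp")

-- Constructed candidate list; the real script reads a wordlist (assumption).
local CANDIDATES = { "public", "private", "community" }

-- Returns true when `community` elicits a GetResponse for sysDescr.0.
-- SNMPv1 agents stay silent on a wrong community, so any decodable
-- answer carrying a varbind is taken as acceptance.
local function community_is_valid(host, port, community)
  local pdu    = snmp.buildGetRequest({}, "1.3.6.1.2.1.1.1.0")
  local packet = snmp.buildPacket(pdu, 0, community)   -- version 0 = SNMPv1
  local sock   = nmap.new_socket("udp")
  sock:set_timeout(2000)
  if not sock:connect(host, port) then
    sock:close()
    return false
  end
  sock:send(snmp.encode(packet))
  local status, data = sock:receive()
  sock:close()
  return status and data ~= nil and snmp.fetchFirst(data) ~= nil
end

action = function(host, port)
  -- The first argument to Credentials:new is the storage name that other
  -- scripts must pass to read these entries back, so it is a fixed literal
  -- shared by producer and consumer, not something derived per script.
  local store = creds.Credentials:new("snmp-brute", host, port)
  local found = {}
  for _, community in ipairs(CANDIDATES) do
    if community_is_valid(host, port, community) then
      -- SNMPv1/v2c has no user name; the community goes in the password slot.
      store:add("", community, creds.State.VALID)
      found[#found + 1] = community
    end
  end
  -- Per-host slot: other scripts on this host see it, other hosts do not.
  host.registry.snmpcommunity = found[1]
  if #found == 0 then return nil end
  return found
end

------------------------------------------------------------------
-- file: snmp-example.nse (the shape a consuming snmp-* script takes)
------------------------------------------------------------------
local creds  = require "creds"
local stdnse = require "stdnse"

-- Makes NSE run snmp-brute to completion on this host before this script,
-- so the creds store is populated by the time the action runs.
dependencies = { "snmp-brute" }

-- Chooses the community for this host: an explicit --script-args
-- snmpcommunity=... wins, then whatever snmp-brute stored for host/port.
local function choose_community(host, port)
  local arg = stdnse.get_script_args("snmpcommunity")
  if arg then return arg end
  -- Same storage name as the producer; a different name (for example
  -- SCRIPT_NAME) would look in an empty bucket and find nothing.
  local store = creds.Credentials:new("snmp-brute", host, port)
  for cred in store:getCredentials(creds.State.VALID) do
    return cred.pass
  end
  return nil
end

action = function(host, port)
  local community = choose_community(host, port)
  if not community then
    return nil   -- nothing usable for this host; quiet exit
  end
  -- ... issue the script's own SNMP requests with `community` here ...
  return "using community for this host: " .. community
end
```

The point the last comment makes shows up in choose_community: the name given to Credentials:new selects a bucket, so a consumer that passes its own SCRIPT_NAME reads a bucket snmp-brute never wrote to. Keying the store by host and port is what replaces the single global nmap.registry.snmpcommunity slot from the original report.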