snmp-ios-config --script-args not working #862

Closed
rikosintie opened this Issue Apr 21, 2017 · 1 comment


rikosintie commented Apr 21, 2017

Hello, I am so sorry, I closed the issue earlier today before I tested. I reinstalled nmap 7.40 on a Windows 7 machine. I verified that the snmp-ios-config.nse had:

-- @usage
-- nmap -sU -p 161 --script snmp-ios-config --script-args creds.snmp=

and re-ran. I had the same issue where it is passing public when I put private in as the argument. I hope I'm not overlooking a simple step and wasting your time. Below is a debug.

C:\Users\mhubbard>nmap -ddd -sU -p 161 --script snmp-ios-config --script-args creds.snmp=YHSRW 10.140.128.233
Trying to initialize Windows pcap engine
npcap service is already running.
Winpcap present, dynamic linked to: Npcap version 0.10 r9, based on libpcap version 1.9.0-PRE-GIT

Starting Nmap 7.40 ( https://nmap.org ) at 2017-04-21 15:31 Pacific Daylight Time
Fetchfile found C:\Program Files (x86)\Nmap/nmap-services
Fetchfile found C:\Program Files (x86)\Nmap/nmap.xsl
The max # of sockets we are using is: 0
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
min-rate: 0, max-rate: 0

NSE: Using Lua 5.3.
Fetchfile found C:\Program Files (x86)\Nmap/nse_main.lua
Fetchfile found C:\Program Files (x86)\Nmap/nselib/lpeg-utility.lua
Fetchfile found C:\Program Files (x86)\Nmap/nselib/stdnse.lua
Fetchfile found C:\Program Files (x86)\Nmap/nselib/strict.lua
Fetchfile found C:\Program Files (x86)\Nmap/scripts\script.db
NSE: Arguments from CLI: creds.snmp=YHSRW
NSE: Arguments parsed: creds.snmp=YHSRW
NSE: {
["creds.snmp"] = "YHSRW",
}
Fetchfile found C:\Program Files (x86)\Nmap/scripts\snmp-ios-config.nse
NSE: Script snmp-ios-config.nse was selected by name.
Fetchfile found C:\Program Files (x86)\Nmap/nselib/shortport.lua
Fetchfile found C:\Program Files (x86)\Nmap/nselib/snmp.lua
Fetchfile found C:\Program Files (x86)\Nmap/nselib/asn1.lua
Fetchfile found C:\Program Files (x86)\Nmap/nselib/bin.lua
Fetchfile found C:\Program Files (x86)\Nmap/nselib/bit.lua
Fetchfile found C:\Program Files (x86)\Nmap/nselib/creds.lua
Fetchfile found C:\Program Files (x86)\Nmap/nselib/ipOps.lua
Fetchfile found C:\Program Files (x86)\Nmap/nselib/unittest.lua
Fetchfile found C:\Program Files (x86)\Nmap/nselib/nsedebug.lua
Fetchfile found C:\Program Files (x86)\Nmap/nselib/listop.lua
Fetchfile found C:\Program Files (x86)\Nmap/nselib/tftp.lua
NSE: Loaded 1 scripts for scanning.
NSE: Loaded 'C:\Program Files (x86)\Nmap/scripts\snmp-ios-config.nse'.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 15:31
Completed NSE at 15:31, 0.00s elapsed
Fetchfile found C:\Program Files (x86)\Nmap/nmap-payloads
Initiating Ping Scan at 15:31
Scanning 10.140.128.233 [4 ports]
Packet capture filter (device eth3): dst host 10.140.129.153 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 10.140.128.233)))
SENT (2.5950s) ICMP [10.140.129.153 > 10.140.128.233 Echo request (type=8/code=0) id=61757 seq=0] IP [ver=4 ihl=5 tos=0x00 iplen=28 id=12669 foff=0 ttl=43 proto=1 csum=0x46ca]
TIMING STATS (2.5950s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/
Groupstats (1/1 incomplete): 1/////* 10.00/75/* 1000000/-1/-1
Current sending rates: 0.97 packets / s, 27.18 bytes / s.
Overall sending rates: 0.97 packets / s, 27.18 bytes / s.
RCVD (2.5950s) ICMP [10.140.128.233 > 10.140.129.153 Echo reply (type=0/code=0) id=61757 seq=0] IP [ver=4 ihl=5 tos=0x00 iplen=28 id=12669 foff=0 ttl=254 proto=1 csum=0x73c9]
Found 10.140.128.233 in incomplete hosts list.
We got a ping packet back from 10.140.128.233: id = 15857 seq = 0 checksum = 49678
ultrascan_host_probe_update called for machine 10.140.128.233 state UNKNOWN -> HOST_UP (trynum 0 time: 0)
Changing ping technique for 10.140.128.233 to icmp type 8 code 0
Moving 10.140.128.233 to completed hosts list with 0 outstanding probes.
Changing global ping host to 10.140.128.233.
Completed Ping Scan at 15:31, 1.03s elapsed (1 total hosts)
Overall sending rates: 0.97 packets / s, 27.18 bytes / s.
pcap stats: 2 packets received by filter, 0 dropped by kernel.
mass_rdns: Using DNS server 10.140.7.243
mass_rdns: Using DNS server 10.140.46.63
NSOCK INFO [7.1920s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [7.1920s] nsock_connect_udp(): UDP connection requested to 10.140.46.63:53 (IOD #1) EID 8
NSOCK INFO [7.1920s] nsock_read(): Read request from IOD #1 [10.140.46.63:53] (timeout: -1ms) EID 18
NSOCK INFO [7.1920s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [7.1920s] nsock_connect_udp(): UDP connection requested to 10.140.7.243:53 (IOD #2) EID 24
NSOCK INFO [7.1920s] nsock_read(): Read request from IOD #2 [10.140.7.243:53] (timeout: -1ms) EID 34
NSOCK INFO [7.1920s] nsock_iod_new2(): nsock_iod_new (IOD #3)
NSOCK INFO [7.1920s] nsock_connect_udp(): UDP connection requested to 10.140.46.63:53 (IOD #3) EID 40
NSOCK INFO [7.1920s] nsock_read(): Read request from IOD #3 [10.140.46.63:53] (timeout: -1ms) EID 50
NSOCK INFO [7.1920s] nsock_iod_new2(): nsock_iod_new (IOD #4)
NSOCK INFO [7.1920s] nsock_connect_udp(): UDP connection requested to 10.140.7.243:53 (IOD #4) EID 56
NSOCK INFO [7.1920s] nsock_read(): Read request from IOD #4 [10.140.7.243:53] (timeout: -1ms) EID 66
Initiating Parallel DNS resolution of 1 host. at 15:31
NSOCK INFO [7.1920s] nsock_write(): Write request for 45 bytes to IOD #1 EID 75 [10.140.46.63:53]
NSOCK INFO [7.1920s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [10.140.46.63:53]
NSOCK INFO [7.1920s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 75 [10.140.46.63:53]
NSOCK INFO [7.1920s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [10.140.7.243:53]
NSOCK INFO [7.1920s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 40 [10.140.46.63:53]
NSOCK INFO [7.1920s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 56 [10.140.7.243:53]
NSOCK INFO [7.2080s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [10.140.46.63:53] (104 bytes)
NSOCK INFO [7.2080s] nsock_read(): Read request from IOD #1 [10.140.46.63:53] (timeout: -1ms) EID 82
NSOCK INFO [7.2080s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [7.2080s] nevent_delete(): nevent_delete on event #82 (type READ)
NSOCK INFO [7.2080s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [7.2080s] nevent_delete(): nevent_delete on event #34 (type READ)
NSOCK INFO [7.2080s] nsock_iod_delete(): nsock_iod_delete (IOD #3)
NSOCK INFO [7.2080s] nevent_delete(): nevent_delete on event #50 (type READ)
NSOCK INFO [7.2080s] nsock_iod_delete(): nsock_iod_delete (IOD #4)
NSOCK INFO [7.2080s] nevent_delete(): nevent_delete on event #66 (type READ)
mass_rdns: 4.60s 0/1 [#: 4, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 15:31, 0.02s elapsed
DNS resolution of 1 IPs took 4.60s. Mode: Async [#: 4, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating UDP Scan at 15:31
10.140.128.233 pingprobe type ICMP is inappropriate for this scan type; resetting.
Scanning 10.140.128.233 [1 port]
Packet capture filter (device eth3): dst host 10.140.129.153 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 10.140.128.233)))
SENT (7.2240s) UDP [10.140.129.153:52579 > 10.140.128.233:161 len=68 csum=0xD1ED] IP [ver=4 ihl=5 tos=0x00 iplen=88 id=9464 foff=0 ttl=55 proto=17 csum=0x4703]
TIMING STATS (7.2240s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/
Groupstats (1/1 incomplete): 1/////* 10.00/75/* 1000000/-1/-1
Current sending rates: 62.50 packets / s, 5500.00 bytes / s.
Overall sending rates: 62.50 packets / s, 5500.00 bytes / s.
RCVD (7.2240s) UDP [10.140.128.233:161 > 10.140.129.153:52579 len=111 csum=0xADF3] IP [ver=4 ihl=5 tos=0x00 iplen=131 id=21 foff=0 ttl=254 proto=17 csum=0xa4ba]
Found 10.140.128.233 in incomplete hosts list.
Discovered open port 161/udp on 10.140.128.233
Changing ping technique for 10.140.128.233 to udp to port 161
Moving 10.140.128.233 to completed hosts list with 0 outstanding probes.
Changing global ping host to 10.140.128.233.
Completed UDP Scan at 15:31, 0.02s elapsed (1 total ports)
Overall sending rates: 62.50 packets / s, 5500.00 bytes / s.
pcap stats: 3 packets received by filter, 0 dropped by kernel.
NSE: Script scanning 10.140.128.233.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 15:31
NSE: Starting snmp-ios-config M:3684DF4 against 10.140.128.233:161.
NSOCK INFO [7.2080s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [7.2390s] nsock_connect_udp(): UDP connection requested to 10.140.128.233:161 (IOD #1) EID 8
NSOCK INFO [7.2390s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [10.140.128.233:161]
NSE: UDP 10.140.129.153:65107 > 10.140.128.233:161 | CONNECT
NSE: UDP 10.140.129.153:65107 > 10.140.128.233:161 | 00000000: 30 30 02 01 00 04 06 70 75 62 6c 69 63 a3 23 02  00     public #
00000010: 03 00 81 43 02 01 00 02 01 00 30 16 30 14 06 0f     C      0 0
00000020: 2b 06 01 04 01 09 09 60 01 01 01 01 02 ce 0f 02  +      `
00000030: 01 01

NSOCK INFO [7.2390s] nsock_write(): Write request for 50 bytes to IOD #1 EID 19 [10.140.128.233:161]
NSOCK INFO [7.2390s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 19 [10.140.128.233:161]
NSE: UDP 10.140.129.153:65107 > 10.140.128.233:161 | SEND
NSOCK INFO [7.2390s] nsock_readbytes(): Read request for 1 bytes from IOD #1 [10.140.128.233:161] EID 26
NSOCK INFO [12.2520s] nsock_trace_handler_callback(): Callback: READ TIMEOUT for EID 26 [10.140.128.233:161]
NSE: Finished snmp-ios-config M:3684DF4 against 10.140.128.233:161.
NSE: UDP 10.140.129.153:65107 > 10.140.128.233:161 | CLOSE
NSOCK INFO [12.2520s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
Completed NSE at 15:31, 5.03s elapsed
Nmap scan report for 10.140.128.233
Host is up, received echo-reply ttl 254 (0.00s latency).
Scanned at 2017-04-21 15:31:22 Pacific Daylight Time for 11s
PORT STATE SERVICE REASON
161/udp open snmp udp-response ttl 254
Final times for host: srtt: 0 rttvar: 3750 to: 100000

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 15:31
Completed NSE at 15:31, 0.00s elapsed
Read from C:\Program Files (x86)\Nmap: nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 12.25 seconds
Raw packets sent: 2 (116B) | Rcvd: 2 (159B)


dmiller-nmap commented Apr 22, 2017

Aha, I see. When we implemented this, it was intended to use creds.snmp=:private, since the colon (":") is the username:password separator. But I forgot this when I updated the documentation. I've changed snmp.lua to accept any of the following:

  • creds.snmp=community
  • creds.snmp=:community
  • creds.snmp=ignored:community

And I updated the NSEdoc to use the :community syntax, since that will work with the already-released versions of these scripts.

@nmap-bot nmap-bot closed this in 13d06eb Apr 22, 2017
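
The check that the debug trace and the maintainer's reply together imply, as an added example (not code from Nmap or from either commenter): decode the SNMP message bytes shown in the `-ddd` output and compare the community on the wire with the one a `creds.snmp` value asks for under the three accepted forms. The function names are hypothetical, and splitting the value at the first colon is an assumption.

```python
# Packet bytes copied from the hex dump in the -ddd trace above, grouped by field.
PACKET = bytes.fromhex(
    "3030 020100 0406 7075626c6963 a323 0203008143 020100 020100 "
    "3016 3014 060f 2b060104010909600101010102ce0f 020101")

def read_tlv(buf, pos):
    """Decode one BER TLV at buf[pos]; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def sent_community(packet):
    """Return (version, community, pdu_tag) of an SNMPv1/v2c message."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    tag, version, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version is not an INTEGER")
    tag, community, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community is not an OCTET STRING")
    pdu_tag, _, _ = read_tlv(body, pos)
    return int.from_bytes(version, "big"), community.decode("latin-1"), pdu_tag

def requested_community(arg):
    """Community implied by a creds.snmp value: 'c', ':c' or 'ignored:c'.
    Assumption: the value is split at the first colon."""
    _, sep, after = arg.partition(":")
    return after if sep else arg

def check(arg, packet=PACKET):
    """Compare the community asked for with the one actually on the wire."""
    version, sent, pdu_tag = sent_community(packet)
    want = requested_community(arg)
    return {"requested": want, "sent": sent, "pdu_tag": pdu_tag, "match": want == sent}

if __name__ == "__main__":
    for arg in ("YHSRW", ":public", "ignored:public"):
        print(arg, check(arg))
```
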
