Password Attacks

SNMP-Brute – Fast SNMP brute force, enumeration, CISCO config downloader and password cracking script

SNMP brute force, enumeration, CISCO config downloader and password cracking script. Listens for any responses to the brute force community strings, effectively minimising wait time.

Requirements

  • metasploit
  • snmpwalk
  • snmpstat
  • john the ripper

Usage

python snmp-brute.py -t [IP]

Options
--help, -h show this help message and exit
--file=DICTIONARY, -f DICTIONARY Dictionary file
--target=IP, -t IP Host IP
--port=PORT, -p PORT SNMP port

Advanced
--rate=RATE, -r RATE Send rate
--timeout=TIMEOUT Wait time for UDP response (in seconds)
--delay=DELAY Wait time after all packets are send (in seconds)
--iplist=LFILE IP list file
--verbose, -v Verbose output

Automation
--bruteonly, -b Do not try to enumerate – only bruteforce
--auto, -a Non Interactive Mode
--no-colours No colour output

Operating Systems
--windows Enumerate Windows OIDs (snmpenum.pl)
--linux Enumerate Linux OIDs (snmpenum.pl)
--cisco Append extra Cisco OIDs (snmpenum.pl)

Alternative Options
--stdin, -s Read communities from stdin
--community=COMMUNITY, -c COMMUNITY Single Community String to use
--sploitego Sploitego’s bruteforce method

Features

  • Brute forces both version 1 and version 2c SNMP community strings
  • Enumerates information for CISCO devices or if specified for Linux and Windows operating systems.
  • Identifies RW community strings
  • Tries to download the router config (metasploit module).
  • If the CISCO config file is downloaded, shows the plaintext passwords (metasploit module) and tries to crack hashed passords with John the Ripper

Credits

  • cisc0wn – github.com/nccgroup/cisco-SNMP-enumeration
  • sploitego project – github.com/allfro/sploitego/blob/master/src/sploitego/scapytools/snmp.py
  • snmpenum.pl script – by Filip Waeytens
  • metasploit – www.metasploit.com