Exemple #1
0
    def __init__(self,
                 host,
                 community="public",
                 version="1",
                 port=161,
                 retries=3,
                 timeout=1,
                 reporttype=None):
        """
        Makes a new Snmp-object.
        host: hostname
        community: community (password), defaults to "public"
        port: port, defaults to "161"
        """

        self.host = host
        self.community = community
        self.version = str(version)
        self.port = int(port)
        self.retries = retries
        self.timeout = timeout
        self.reporttype = reporttype

        self.handle = role.manager()
        self.handle.timeout = float(timeout)
Exemple #2
0
    def __init__(self, iface):
        """Initializes a TrapListener.

        iface -- A (srcadr, port) tuple.

        """
        self.iface = iface
        self._agent = role.manager(iface=iface)
Exemple #3
0
    def __init__(self, iface):
        """Initializes a TrapListener.

        iface -- A (srcadr, port) tuple.

        """
        self.iface = iface
        self._agent = role.manager(iface=iface)
Exemple #4
0
	def __init__(self, host, community="public", version="2c", port=161, retries=3, timeout=1):
		self.host = host
		self.community = community
		self.version=version
		self.port=port
		self.retries=retries
		self.timeout=timeout
		
		self.handle=role.manager((host,port))
Exemple #5
0
    def __init__(self,
                 host,
                 community="public",
                 version="2c",
                 port=161,
                 retries=3,
                 timeout=1):
        self.host = host
        self.community = community
        self.version = version
        self.port = port
        self.retries = retries
        self.timeout = timeout

        self.handle = role.manager((host, port))
Exemple #6
0
    def __init__(self, hosts, community, trapoid, varbinds=()):
        """Constructor that specifies the a list of hosts, a community
        string to use for all of the hosts, the OID of the trap, as
        well as a sequence of varbinds.  Each varbind sequence is a
        tuple that contains the OID, type, and value (all of which are
        specified as strings).  For example::

          trap = SnmpTrapEventHandler( \\
                   ("host1", "host2"),
                   "public",
                   "1.3.6.1.4.1.8233.111.1",
                   (("1.3.6.1.4.1.8233.200.1", "OCTETSTRING", "Error"),
                    ("1.3.6.1.4.1.8233.200.2", "INTEGER", 100),
                    ("1.3.6.1.4.1.8233.200.3", "INTEGER", "\\2")))
        
        As an alternative, all of the arguments may be specified as
        strings.  In which case, the following is the expected
        format::

          trap = SnmpTrapEventHandler( \\
                   "host1, host2",
                   "public",
                   "1.3.6.1.4.1.8233.111.1",
                   "1.3.6.1.4.1.8233.200.1: OCTETSTRING: Error
                    1.3.6.1.4.1.8233.200.2: INTEGER: 100
                    1.3.6.1.4.1.8233.200.3: INTEGER: \\2")

        The string formats are designed for external programmatic
        applications (such as an XML rule builder, or GUI front-end.
        """

        if isinstance(hosts, StringType):
            hosts = [x.strip() for x in hosts.split(',') if x]

        self.hosts = [ role.manager((x, 162)) for x in hosts ]
        self.community = community
        self.trapoid = SnmpTrapEventHandler.OBJECTID.encode(trapoid)

        if isinstance(varbinds, StringType):
            varbinds = [x.strip().split(':') 
                        for x in varbinds.split('\n') if x]

        for oid, type, value in varbinds:
            if not hasattr(asn1, type):
                raise TypeError, "SNMP type does not exist: " + type

        self.varbinds = [(SnmpTrapEventHandler.OBJECTID.encode(o), t, v)
                         for o, t, v in varbinds] 
Exemple #7
0
    def __init__(self, host, community="public", version="1", port=161,
                 retries=3, timeout=1, reporttype=None):
        """
        Makes a new Snmp-object.
        host: hostname
        community: community (password), defaults to "public"
        port: port, defaults to "161"
        """
        
        self.host = host
        self.community = community
        self.version = str(version)
        self.port = int(port)
        self.retries = retries
        self.timeout = timeout
        self.reporttype = reporttype

        self.handle = role.manager()
        self.handle.timeout = float(timeout)
Exemple #8
0
    def showOid(self, head_oids):
        # Create SNMP manager object
        client = role.manager((self.target, self.port))

        # Pass it a few options
        client.timeout = self.timeout
        client.retries = self.retries

        # Create a SNMP request&response objects from protocol version
        # specific module.
        try:
            req = v1.GETREQUEST()
            nextReq = v1.GETNEXTREQUEST()
            rsp = v1.GETRESPONSE()

        except (NameError, AttributeError):
            print sys.exc_info()[1]
            return False

        # Store tables headers
        #head_oids = ["1.3.6.1."]

        try:
            # BER encode initial SNMP Object IDs to query
            encoded_oids = map(asn1.OBJECTID().encode, head_oids)
        except:
            print "Error.", sys.exc_info()[1]
            return

        # Traverse agent MIB
        while 1:
            # Encode SNMP request message and try to send it to SNMP agent
            # and receive a response
            (answer, src) = client.send_and_receive(\
                            req.encode(community=self.community, encoded_oids=encoded_oids))

            # Attempt to decode SNMP response
            rsp.decode(answer)

            # Make sure response matches request (request IDs, communities, etc)
            if req != rsp:
                raise Exception('Unmatched response: %s vs %s' %
                                (str(req), str(rsp)))

            # Decode BER encoded Object IDs.
            oids = map(lambda x: x[0], map(asn1.OBJECTID().decode, \
                                           rsp['encoded_oids']))

            # Decode BER encoded values associated with Object IDs.
            vals = map(lambda x: x[0](), map(asn1.decode, rsp['encoded_vals']))

            # Check for remote SNMP agent failure
            if rsp['error_status']:
                # SNMP agent reports 'no such name' when walk is over
                if rsp['error_status'] == 2:
                    # Switch over to GETNEXT req on error
                    # XXX what if one of multiple vars fails?
                    if not (req is nextReq):
                        req = nextReq
                        continue
                    # One of the tables exceeded
                    for l in oids, vals, head_oids:
                        del l[rsp['error_index'] - 1]
                else:
                    raise Exception('SNMP error #' + str(rsp['error_status']) + ' for OID #' \
                          + str(rsp['error_index']))

            # Exclude completed OIDs
            while 1:
                for idx in range(len(head_oids)):
                    if not asn1.OBJECTID(head_oids[idx]).isaprefix(oids[idx]):
                        # One of the tables exceeded
                        for l in oids, vals, head_oids:
                            del l[idx]
                        break
                else:
                    break

            if not head_oids:
                return False

            # Print out results
            for (oid, val) in map(None, oids, vals):
                if str(val) != "":
                    print oidToHuman(oid) + ' = ' + str(val)

            # BER encode next SNMP Object IDs to query
            encoded_oids = map(asn1.OBJECTID().encode, oids)

            # Update request object
            req['request_id'] = req['request_id'] + 1

            # Switch over GETNEXT PDU for if not done
            if not (req is nextReq):
                req = nextReq

        return True
Exemple #9
0
    def snmpenum(self, h_oids, title):
        try:
            from pysnmp import asn1, v1, v2c
            from pysnmp import role
        except:
            self.log("Error: you need pysnmp to use this exploit")
            return 1

        client = role.manager((self.host, 161))
        client.timeout = 1
        client.retries = 5
        t = 0

        req = eval('v' + self.snmpver).GETREQUEST()
        nextReq = eval('v' + self.snmpver).GETNEXTREQUEST()
        rsp = eval('v' + self.snmpver).GETRESPONSE()

        encoded_oids = map(asn1.OBJECTID().encode, h_oids)

        while 1:
            try:
                (answer, src) = client.send_and_receive(
                    req.encode(community=self.community,
                               encoded_oids=encoded_oids))
            except:
                self.log("%s : bad community ?" % self.community)
                return 1

            rsp.decode(answer)

            if req != rsp:
                raise 'Unmatched response: %s vs %s' % (str(req), str(rsp))

            oids = map(lambda x: x[0],
                       map(asn1.OBJECTID().decode, rsp['encoded_oids']))

            vals = map(lambda x: x[0](), map(asn1.decode, rsp['encoded_vals']))

            if rsp['error_status']:
                if rsp['error_status'] == 2:
                    if not (req is nextReq):
                        req = nextReq
                        continue
                    for l in oids, vals, h_oids:
                        del l[rsp['error_index'] - 1]
                else:
                    raise 'SNMP error #' + str(
                        rsp['error_status']) + ' for OID #' + str(
                            rsp['error_index'])

            while 1:
                for idx in range(len(h_oids)):
                    if not asn1.OBJECTID(h_oids[idx]).isaprefix(oids[idx]):
                        for l in oids, vals, h_oids:
                            del l[idx]
                        break
                else:
                    break

            if not h_oids:
                return 0

            if not t:
                self.log("[#] %s" % title)
                t += 1

            for (oid, val) in map(None, oids, vals):
                self.log(str(val))

            encoded_oids = map(asn1.OBJECTID().encode, oids)

            req['request_id'] = req['request_id'] + 1

            if not (req is nextReq):
                req = nextReq
        return 0
Exemple #10
0
    def showOid(self, head_oids):
        # Create SNMP manager object
        client = role.manager((self.target, self.port))
        
        # Pass it a few options
        client.timeout = self.timeout
        client.retries = self.retries
        
        # Create a SNMP request&response objects from protocol version
        # specific module.
        try:
            req = v1.GETREQUEST()
            nextReq = v1.GETNEXTREQUEST()
            rsp = v1.GETRESPONSE()

        except (NameError, AttributeError):
            print sys.exc_info()[1]
            return False
        
        # Store tables headers
        #head_oids = ["1.3.6.1."]
        
        try:
            # BER encode initial SNMP Object IDs to query
            encoded_oids = map(asn1.OBJECTID().encode, head_oids)
        except:
            print "Error.", sys.exc_info()[1]
            return

        # Traverse agent MIB
        while 1:
            # Encode SNMP request message and try to send it to SNMP agent
            # and receive a response
            (answer, src) = client.send_and_receive(\
                            req.encode(community=self.community, encoded_oids=encoded_oids))
        
            # Attempt to decode SNMP response
            rsp.decode(answer)
        
            # Make sure response matches request (request IDs, communities, etc)
            if req != rsp:
                raise Exception('Unmatched response: %s vs %s' % (str(req), str(rsp)))
        
            # Decode BER encoded Object IDs.
            oids = map(lambda x: x[0], map(asn1.OBJECTID().decode, \
                                           rsp['encoded_oids']))
        
            # Decode BER encoded values associated with Object IDs.
            vals = map(lambda x: x[0](), map(asn1.decode, rsp['encoded_vals']))
        
            # Check for remote SNMP agent failure
            if rsp['error_status']:
                # SNMP agent reports 'no such name' when walk is over
                if rsp['error_status'] == 2:
                    # Switch over to GETNEXT req on error
                    # XXX what if one of multiple vars fails?
                    if not (req is nextReq):
                        req = nextReq                
                        continue
                    # One of the tables exceeded
                    for l in oids, vals, head_oids:
                        del l[rsp['error_index']-1]
                else:
                    raise Exception('SNMP error #' + str(rsp['error_status']) + ' for OID #' \
                          + str(rsp['error_index']))
        
            # Exclude completed OIDs
            while 1:
                for idx in range(len(head_oids)):
                    if not asn1.OBJECTID(head_oids[idx]).isaprefix(oids[idx]):
                        # One of the tables exceeded
                        for l in oids, vals, head_oids:
                            del l[idx]
                        break
                else:
                    break
        
            if not head_oids:
                return False

            # Print out results
            for (oid, val) in map(None, oids, vals):
                if str(val) != "":
                    print oidToHuman(oid) + ' = ' + str(val)

            # BER encode next SNMP Object IDs to query
            encoded_oids = map(asn1.OBJECTID().encode, oids)

            # Update request object
            req['request_id'] = req['request_id'] + 1
        
            # Switch over GETNEXT PDU for if not done
            if not (req is nextReq):
                req = nextReq

        return True
   crit = arg[opt.index('-c')]
if '-w' in opt:
   warn = arg[opt.index('-w')]
if '-n' in opt:
   netip = arg[opt.index('-n')]
else:
   err = 1
   msgerr.append('Network address is missing! The -n option is mandatory ;)')

if err == 1:
   for i in msgerr:
      print i
   sys.exit(3)

oid = ['1.3.6.1.4.1.311.1.3.2.1.1.3.'+netip]
client = role.manager((addr, port))

req = eval('v' + vers).GETREQUEST()
rsp = eval('v' + vers).GETRESPONSE()
(answer, src) = client.send_and_receive(req.encode(community=comm, encoded_oids=map(asn1.OBJECTID().encode, oid)))
rsp.decode(answer)

oids = map(lambda x: x[0], map(asn1.OBJECTID().decode, rsp['encoded_oids']))
vals = map(lambda x: x[0](), map(asn1.decode, rsp['encoded_vals']))

if vals[0] == '':
   print 'DHCP UNKNOWN'
   sys.exit(3)
elif vals[0] <= crit:
   print 'DHCP CRITICAL:',  str(vals[0])
   sys.exit(2)