Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SNMP Exploiter Research #3198

Closed
1 of 3 tasks
mssalvatore opened this issue Apr 5, 2023 · 0 comments · Fixed by #3237, #3246 or #3259
Closed
1 of 3 tasks

SNMP Exploiter Research #3198

mssalvatore opened this issue Apr 5, 2023 · 0 comments · Fixed by #3237, #3246 or #3259
Assignees
@cakekoa @ordabach
Labels
Complexity: Low Exploit Impact: High Plugins Spike A small chunk of work with the objective of gathering information.

Comments

@mssalvatore
Copy link
Collaborator

mssalvatore commented Apr 5, 2023
edited
Loading

Spike

Objective

We would like to build an exploiter that uses SNMP to achive lateral movement. The goal of this spike is to understand how SNMP can be abused to execute commands and thus be used for lateral movement.

Resources

https://rioasmara.com/2021/02/05/snmp-arbitary-command-execution-and-shell/
etingof/pysnmp#429

Output

  • A POC script that can be used as the basis for an SNMP exploiter.
  • A SNMP instance in GCP (PR 3198 snmp zoo instance #3237) (0.25d)
  • Add another packer example (0.5d)

Answer:

  • Can this be used on Linux? Yes
  • Can this be used on Windows?
  • How likely is this to be exploitable? Does it depend on an uncommon misconfiguration?
    • Requires SNMP community with write permissions. This may be the default configuration
@mssalvatore mssalvatore added Impact: High Complexity: Low Spike A small chunk of work with the objective of gathering information. Exploit Plugins labels Apr 5, 2023
This was referenced Apr 21, 2023
Merged
Merged
cakekoa added a commit that referenced this issue Apr 24, 2023
@cakekoa
Merge branch '3198-snmp-zoo-instance' into develop
2542aa2 
Issue #3198
PR #3237
mssalvatore added a commit that referenced this issue Apr 24, 2023
@mssalvatore
Merge branch '3198-tunneling-9-image' into develop
b3974ff 
Issue #3198
PR #3246
@cakekoa cakekoa mentioned this issue Apr 26, 2023
Merged
10 tasks
mssalvatore added a commit that referenced this issue Apr 26, 2023
@mssalvatore
Merge branch '3198-remove-sshguard' into develop
0ddca71 
Issue #3198
PR #3259
@shreyamalviya shreyamalviya mentioned this issue May 4, 2023
Closed
20 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cakekoa cakekoa

@ordabach ordabach

Labels
Complexity: Low Exploit Impact: High Plugins Spike A small chunk of work with the objective of gathering information.
Projects
None yet
Milestone
No milestone
3 participants
@cakekoa @mssalvatore @ordabach