SNMP TCP support #19064
SNMP TCP support #19064
Conversation
| def recv_wrapper(sock, max_size, timeout) | ||
| res = nil | ||
| if protocol == 'udp' | ||
| res = sock.recvfrom(max_size, timeout) | ||
| end | ||
|
|
||
| if protocol == 'tcp' | ||
| ready = ::IO.select([sock], nil, nil, timeout) | ||
| if ready | ||
| res = sock.recv_nonblock(max_size) | ||
| # Put into an array to mimic recvfrom | ||
| res = [res, host, port] | ||
| else | ||
| # print("timeout\n") | ||
| end | ||
| end | ||
|
|
||
| return res | ||
| end | ||
|
|
There was a problem hiding this comment.
It looks like this could be cleaned up just a touch.
| def recv_wrapper(sock, max_size, timeout) | |
| res = nil | |
| if protocol == 'udp' | |
| res = sock.recvfrom(max_size, timeout) | |
| end | |
| if protocol == 'tcp' | |
| ready = ::IO.select([sock], nil, nil, timeout) | |
| if ready | |
| res = sock.recv_nonblock(max_size) | |
| # Put into an array to mimic recvfrom | |
| res = [res, host, port] | |
| else | |
| # print("timeout\n") | |
| end | |
| end | |
| return res | |
| end | |
| def recv_wrapper(sock, max_size, timeout) | |
| res = nil | |
| if protocol == 'udp' | |
| res = sock.recvfrom(max_size, timeout) | |
| elsif protocol == 'tcp' | |
| ready = ::IO.select([sock], nil, nil, timeout) | |
| if ready | |
| res = sock.recv_nonblock(max_size) | |
| # Put into an array to mimic recvfrom | |
| res = [res, host, port] | |
| end | |
| end | |
| res | |
| end | |
It also looks like the only place this is used just wants the response. You could normalize on just returning data when it's received and nil otherwise.
| klass = ::Rex::Socket::Udp | ||
|
|
||
| if protocol == 'tcp' | ||
| klass = ::Rex::Socket::Tcp | ||
| end | ||
|
|
||
| self.sock = klass.create({ |
There was a problem hiding this comment.
Rex::Socket actually provides a Proto argument for exactly this purpose. You should be able to just call ::Rex::Socket.create and pass Proto in the hash as either tcp or udp.
There was a problem hiding this comment.
Cool, didn't know that - documentation for Rex::Socket is a bit scarce - thank you for pointing that out
2. Use ::Rex::Socket create's Proto
|
Any chance you know of like a docker container or something that'll start an SNMP service listening on a TCP socket that I can use for testing? I've tried a few so far with no luck. |
|
I put it in the original issue ticket, here it is as well: Lets start with getting a testing environment (listen on TCP and UDP) Make sure it is (docker) working as expected |
There was a problem hiding this comment.
Thanks! I was able to confirm that everything appears to be working as intended. I was able to test both version 1 and 2c with the new TCP protocol support with the docker.io/polinux/snmpd image. I also tested that UDP is still working with a target printer I have.
metasploit-framework (S:0 J:0) auxiliary(scanner/snmp/snmp_login) > run PROTOCOL=tcp VERSION=2c
[+] 127.1.1.1:161 - Login Successful: public (Access level: read-only); Proof (sysDescr.0): Linux b33cb77ccba4 6.7.9-200.fc39.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Mar 6 19:35:04 UTC 2024 x86_64
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
metasploit-framework (S:0 J:0) auxiliary(scanner/snmp/snmp_login) > run PROTOCOL=tcp VERSION=1
[+] 127.1.1.1:161 - Login Successful: public (Access level: read-only); Proof (sysDescr.0): Linux b33cb77ccba4 6.7.9-200.fc39.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Mar 6 19:35:04 UTC 2024 x86_64
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
metasploit-framework (S:0 J:0) auxiliary(scanner/snmp/snmp_login) > run PROTOCOL=udp RHOSTS=192.168.250.7 VERSION=1
[+] 192.168.159.7:161 - Login Successful: internal (Access level: read-write); Proof (sysDescr.0): Brother NC-8800w, Firmware Ver.Z ,MID 8C5-K8JFID 2
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
metasploit-framework (S:0 J:0) auxiliary(scanner/snmp/snmp_login) >
Release NotesThis adds support to the |
Related to #9649