SNMP scan for certs - Printable Version

Haxorware Forums (http://www.haxorware.com/forums), Forum: Modems, Thread: SNMP scan for certs (/showthread.php?tid=1056)

SNMP scan for certs - torro32 - 03-11-2011

Hi, snmp scan is enabled on my isp, I can scan with mib browser and mib walk. I also see in the list oids with certs, seems encrypted. Neither FastCert nor the snmpcertthread (none version) finds any certs. Snmpcertthread one version does find some modems in factory mode, but finds no certs. How can I manually try to download certs, since snmp scanning is not blocked? I know all the info about modem but don't know how to dw certs. Thanks

RE: SNMP scan for certs - torro32 - 03-11-2011

could you please help me with oids, I know what is for docsBpi2CmPublicKey, while docsBpi2CmDeviceCmCert should be for BPI+ CM Certificate, docsBpi2CmDeviceManufCert is BPI+ CA Certificate, is that right? I can't find anywhere what are the oids for the BPI Private Key and for BPI+ Root Public Key. Network is docsis 3.0. Oid for docsBpi2CmPublicKey is 1.3.6.1.2.1.10.127.6.1.1.1.1.2.2. What is then oid for Private key and for BPI+ Root Public Key?

RE: SNMP scan for certs - Bugman1400 - 05-11-2011

(03-11-2011, 02:42 PM)torro32 Wrote: could you please help me with oids, I know what is for docsBpi2CmPublicKey, while docsBpi2CmDeviceCmCert should be for

From your config file, what are your public keys? Also, what is the name of your config file? If your config file is dynamic, then you can forget trying to OID into another modem.

RE: SNMP scan for certs - badinstincts - 05-11-2011

my config is dynamic, and i can read oids from other modems no problem. the problem is the modems that are not in factory mode, i can't get their private key and root key (don't really need the root key, but the private key is definitely needed). unless there is an oid that is unlisted in the mibs, or if i can get that modem into factory mode then i can read the factory mib...

RE: SNMP scan for certs - torro32 - 05-11-2011

my configs are not dynamic. There are some modems on the network that are in the factory mode. I know their IP's.
Private and Root oids are not listed when snmpwalk. I am interested for 5101 keys. For example oid for public key is 1.3.6.1.2.1.10.127.6.1.1.1.1.2.2. How to find what is oid for root and private key?

RE: SNMP scan for certs - Bugman1400 - 06-11-2011

I don't think OID requests work on areas with dynamic configs since the SNMP Community String will be different on each CM unless you know the CM's community string. To find it, just look in the config file. If you are in an area that does not have dynamic configs and OID requests still work, consider yourself very lucky. It is only a matter of time. see below.......

18d. Factory mode OID list for Motorola cable modems AKA FACTORY MIBs for Factory mode

This list is generic among Motorola cable modems SB3100, SB4100, SB4101, SB4200, SB4220, SB5100, SB5101, SBG900 and probably more, HOWEVER some OIDs will not exist on some modems, e.g. cmFactoryBCMGroup OIDs (to execute code) only exist in SB5100, SB5101 and SBG900.

cmPrivateArpFilterGroup 1.3.6.1.4.1.1166.1.19.2
1.3.6.1.4.1.1166.1.19.2.1.0 cmArpFilterEnabled
1.3.6.1.4.1.1166.1.19.2.2.0 cmArpFilterInterval
1.3.6.1.4.1.1166.1.19.2.3.0 cmArpFilterLimit
1.3.6.1.4.1.1166.1.19.2.4.0 cmArpFilterInArps
1.3.6.1.4.1.1166.1.19.2.5.0 cmArpFilterOutArps
1.3.6.1.4.1.1166.1.19.2.6.0 cmArpFilterInArpsThisFilter

cmConfigPrivateBaseGroup 1.3.6.1.4.1.1166.1.19.3
cmConfigFreqObjectsGroup 1.3.6.1.4.1.1166.1.19.3.1
1.3.6.1.4.1.1166.1.19.3.1.1.0 cmConfigFreq1
1.3.6.1.4.1.1166.1.19.3.1.2.0 cmConfigFreq2
1.3.6.1.4.1.1166.1.19.3.1.3.0 cmConfigFreq3
1.3.6.1.4.1.1166.1.19.3.1.8.0 cmFreqPlanType
1.3.6.1.4.1.1166.1.19.3.1.11.0 cmUpstreamChannelId1
1.3.6.1.4.1.1166.1.19.3.1.12.0 cmCarrierFrequencyOffset
1.3.6.1.4.1.1166.1.19.3.1.14.0 cmSnmpHFCPort
1.3.6.1.4.1.1166.1.19.3.1.15.0 cmSnmpHFCTrapPort
1.3.6.1.4.1.1166.1.19.3.1.17.0 cmSnmpDisplayHtml
1.3.6.1.4.1.1166.1.19.3.1.18.0 cmResetToDefaults
1.3.6.1.4.1.1166.1.19.3.1.19.0 cmStandbyMode
1.3.6.1.4.1.1166.1.19.3.1.20.0 cmHybridMode
1.3.6.1.4.1.1166.1.19.3.1.21.0 cmUpstreamChannelId3
1.3.6.1.4.1.1166.1.19.3.1.22.0 cmUpstreamPower1
1.3.6.1.4.1.1166.1.19.3.1.23.0 cmUpstreamPower2
1.3.6.1.4.1.1166.1.19.3.1.24.0 cmUpstreamPower3
1.3.6.1.4.1.1166.1.19.3.1.25.0 cmDocsis20Capable
1.3.6.1.4.1.1166.1.19.3.1.26.0 cmUpstreamChannelId2

cmPrivateFactoryGroup 1.3.6.1.4.1.1166.1.19.4
1.3.6.1.4.1.1166.1.19.4.1.0 cmFactoryVersion
1.3.6.1.4.1.1166.1.19.4.2.0 cmFactoryDbgBootEnable
1.3.6.1.4.1.1166.1.19.4.3.0 cmFactoryEnetMacAddr
1.3.6.1.4.1.1166.1.19.4.4.0 cmFactoryHfcMacAddr
1.3.6.1.4.1.1166.1.19.4.6.0 cmFactorySerialNumber
1.3.6.1.4.1.1166.1.19.4.9.0 cmFactoryClearFreq1
1.3.6.1.4.1.1166.1.19.4.10.0 cmFactoryClearFreq2
1.3.6.1.4.1.1166.1.19.4.11.0 cmFactoryClearFreq3
1.3.6.1.4.1.1166.1.19.4.12.0 cmFactorySetReset
1.3.6.1.4.1.1166.1.19.4.13.0 cmFactoryClrConfigAndLog
1.3.6.1.4.1.1166.1.19.4.14.0 cmFactoryPingIpAddr
1.3.6.1.4.1.1166.1.19.4.15.0 cmFactoryPingNumPkts
1.3.6.1.4.1.1166.1.19.4.16.0 cmFactoryPingNow
1.3.6.1.4.1.1166.1.19.4.17.0 cmFactoryPingCount
1.3.6.1.4.1.1166.1.19.4.28.0 cmFactoryCliFlag
1.3.6.1.4.1.1166.1.19.4.29.0 cmFactoryDisableMib
1.3.6.1.4.1.1166.1.19.4.30.0 cmFactoryUpstreamPowerCalibration1
1.3.6.1.4.1.1166.1.19.4.50.0 cmFactoryBigRSAPublicKey
1.3.6.1.4.1.1166.1.19.4.51.0 cmFactoryBigRSAPrivateKey
1.3.6.1.4.1.1166.1.19.4.52.0 cmFactoryCMCertificate
1.3.6.1.4.1.1166.1.19.4.53.0 cmFactoryManCertificate
1.3.6.1.4.1.1166.1.19.4.54.0 cmFactoryRootPublicKey
1.3.6.1.4.1.1166.1.19.4.55.0 cmFactoryCodeSigningTime
1.3.6.1.4.1.1166.1.19.4.56.0 cmFactoryCVCValidityStartTime
1.3.6.1.4.1.1166.1.19.4.58.0 cmFactoryCMManufacturerName
1.3.6.1.4.1.1166.1.19.4.59.0 cmFactoryHtmlReadOnly
1.3.6.1.4.1.1166.1.19.4.60.0 cmFactoryCmUsbMacAddr
1.3.6.1.4.1.1166.1.19.4.61.0 cmFactoryCpeUsbMacAddr
1.3.6.1.4.1.1166.1.19.4.62.0 cmFactoryCmAuxMacAddr
1.3.6.1.4.1.1166.1.19.4.63.0 cmFactoryTunerId
1.3.6.1.4.1.1166.1.19.4.64.0 cmFactoryHwRevision
1.3.6.1.4.1.1166.1.19.4.65.0 cmFactoryUsAmpId
1.3.6.1.4.1.1166.1.19.4.66.0 cmFactory80211RegDomain
1.3.6.1.4.1.1166.1.19.4.67.0 cmFactoryResidentialGatewayEnable
1.3.6.1.4.1.1166.1.19.4.70.0 cmFactoryFWFeatureID
1.3.6.1.4.1.1166.1.19.4.90.0 cmFactorySwServer
1.3.6.1.4.1.1166.1.19.4.91.0 cmFactorySwFilename
1.3.6.1.4.1.1166.1.19.4.92.0 cmFactorySwDownloadNow
1.3.6.1.4.1.1166.1.19.4.93.0 cmFactoryGwAppPublicKey
1.3.6.1.4.1.1166.1.19.4.94.0 cmFactoryGwAppPrivateKey
1.3.6.1.4.1.1166.1.19.4.95.0 cmFactoryGwAppRootPublicKey
1.3.6.1.4.1.1166.1.19.4.31 cmFactoryDownstreamCalibrationGroup

RE: SNMP scan for certs - torro32 - 06-11-2011

i am not getting any response from those certs oids. My public key is docsBpi2CmPublicKey 1.3.6.1.2.1.10.127.6.1.1.1.1.2.2, CM is docsBpi2CmDeviceCmCert 1.3.6.1.2.1.10.127.6.1.1.4.1.1.1.2 and CA is docsBpi2CmDeviceManufCert 1.3.6.1.2.1.10.127.6.1.1.4.1.1.2.2. Everything according to a cisco SNMP object navigator http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=docsBpi2CmPublicKey

oids for private and root key are not listed when snmpwalk. OID request does work.

RE: SNMP scan for certs - badinstincts - 06-11-2011

hmmm, i'm starting to think you're right about the specific community strings to each modem. but which one is it in the config. i tried the 3 at the top of the config but i still cannot snmp into my own modem... help me please

RE: SNMP scan for certs - Bugman1400 - 06-11-2011

(06-11-2011, 04:48 AM)badinstincts Wrote: hmmm, i'm starting to think you're right about the specific community strings to each modem. but which one is it in the config. i tried the 3 at the top of the config but i still cannot snmp into my own modem... help me please

If you have 3 Community Strings, the third, more complicated looking, one is the one you need. It should be about 15 characters long. The CMTS uses that string to talk to your CM.

RE: SNMP scan for certs - badinstincts - 06-11-2011

(06-11-2011, 07:12 PM)Bugman1400 Wrote:
(06-11-2011, 04:48 AM)badinstincts Wrote: hmmm, i'm starting to think you're right about the specific community strings to each modem. but which one is it in the config. i tried the 3 at the top of the config but i still cannot snmp into my own modem... help me please

yea the first 2 are the usual ones i've been using for years. not really directly snmping myself, i just learned some net-snmp commands recently, but with programs that ask for the community string. but i can't snmp into my sb5101 at all with haxorware, i changed ports, tried with and without disable snmp agent, i did find the snmp folder in cd /n/s, i tried the default command but nothing... still can't snmp into my modem after it registers...
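
Added example, not part of the thread or any poster's code: a defender-side check that flags SNMP requests touching the cmPrivateFactoryGroup subtree from the OID list posted above, rating the key and certificate objects highest. The log line format, the addresses and the `managers` allow-list are constructed assumptions.

```python
import re

# cmPrivateFactoryGroup subtree and its key/certificate objects, as listed in the thread.
FACTORY_GROUP = (1, 3, 6, 1, 4, 1, 1166, 1, 19, 4)
KEY_MATERIAL = {
    50: "cmFactoryBigRSAPublicKey",
    51: "cmFactoryBigRSAPrivateKey",
    52: "cmFactoryCMCertificate",
    53: "cmFactoryManCertificate",
    54: "cmFactoryRootPublicKey",
}

# Constructed log format (an assumption): "<time> src=<ip> dst=<ip> pdu=<type> oid=<oid>"
LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) pdu=(\S+) oid=\.?(\d+(?:\.\d+)*)$")

# Constructed sample data, not taken from any real network.
SAMPLE_LOG = """\
2011-11-06T04:50:01Z src=10.20.0.5 dst=10.20.7.31 pdu=get oid=1.3.6.1.2.1.1.1.0
2011-11-06T04:50:02Z src=10.20.9.88 dst=10.20.7.31 pdu=get oid=1.3.6.1.4.1.1166.1.19.4.51.0
2011-11-06T04:50:03Z src=10.20.9.88 dst=10.20.7.32 pdu=getnext oid=.1.3.6.1.4.1.1166.1.19.4
2011-11-06T04:50:04Z src=10.20.0.5 dst=10.20.7.31 pdu=get oid=1.3.6.1.4.1.1166.1.19.40.1.0
2011-11-06T04:50:05Z src=10.20.9.88 dst=10.20.7.33 pdu=get oid=1.3.6.1.4.1.1166.1.19.4.1.0
"""

def classify(oid_text):
    """Return (severity, object) for a requested OID, or None if outside the factory group."""
    oid = tuple(int(part) for part in oid_text.split("."))
    # Compare arc by arc: a plain string-prefix test would wrongly match ...19.40
    if oid[:len(FACTORY_GROUP)] != FACTORY_GROUP:
        return None
    rest = oid[len(FACTORY_GROUP):]
    if not rest:
        return ("high", "cmPrivateFactoryGroup subtree")  # start of a walk
    if rest[0] in KEY_MATERIAL:
        return ("critical", KEY_MATERIAL[rest[0]])
    return ("medium", "factory MIB object")

def scan(log_text, managers=frozenset({"10.20.0.5"})):
    """Return one alert per log line that requests an OID inside the factory group."""
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines
        when, src, dst, pdu, oid = m.groups()
        hit = classify(oid)
        if hit:
            alerts.append({"time": when, "src": src, "dst": dst, "pdu": pdu,
                           "severity": hit[0], "object": hit[1],
                           "from_manager": src in managers})
    return alerts
```
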