Here we will try to enumerate as much as we can over SNMP from an XP machine whose SNMP service is left unprotected.
Let us load up msfconsole and use this auxiliary scanner.
msf > use auxiliary/scanner/snmp/snmp_enum
Let us set RHOSTS to 192.168.1.17 and check the options.
msf auxiliary(snmp_enum) > show options
Module options (auxiliary/scanner/snmp/snmp_enum):
   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   COMMUNITY  public           yes       SNMP Community String
   RETRIES    1                yes       SNMP Retries
   RHOSTS     192.168.1.17     yes       The target address range or CIDR identifier
   RPORT      161              yes       The target port
   THREADS    1                yes       The number of concurrent threads
   TIMEOUT    1                yes       SNMP Timeout
   VERSION    1                yes       SNMP Version <1/2c>
Let the enumeration begin :-)
msf auxiliary(snmp_enum) > run
[*] 192.168.1.17, Connected.
[*] System information
Host IP : 192.168.1.17
Hostname : TEST-COMP
Description : Hardware: x86 Family 6 Model 23 Stepping 6 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.1 (Build 2600 Uniprocessor Free)
Contact : -
Location : -
Uptime snmp : 4 days, 08:42:26.92
Uptime system : 00:04:07.25
System date : 2012-7-8 22:23:32.0
User accounts:
["Admin"]
["Guest"]
["Analyst"]
["Administrator"]
["HelpAssistant"]
["SUPPORT_388945a0"]
Network information:
IP forwarding enabled : no
Default TTL : 128
TCP segments received : 16205
TCP segments sent : 7460
TCP segments retrans : 7576
Input datagrams : 20191
Delivered datagrams : 20192
Output datagrams : 16540
Network interfaces:
Interface : [ unknown ] AMD PCNET Family PCI Ethernet Adapter - Packet Scheduler Miniport
Id : 2
Mac Address : 08:00:27:1a:c8:46
Type : unknown
Speed : 100 Mbps
MTU : 1500
In octets : 8255084
Out octets : 1517158
Network IP:
   Id  IP Address    Netmask        Broadcast
   1   127.0.0.1     255.0.0.0      1
   2   192.168.1.17  255.255.255.0  1
Routing information:
   Destination      Next hop      Mask             Metric
   0.0.0.0          192.168.1.1   0.0.0.0          20
   127.0.0.0        127.0.0.1     255.0.0.0        1
   192.168.1.0      192.168.1.17  255.255.255.0    20
   192.168.1.17     127.0.0.1     255.255.255.255  20
   192.168.1.255    192.168.1.17  255.255.255.255  20
   224.0.0.0        192.168.1.17  240.0.0.0        20
   255.255.255.255  192.168.1.17  255.255.255.255  1
TCP connections and listening ports:
192.168.1.17 1430 192.168.1.16 80 unknown
192.168.1.17 1431 192.168.1.16 80 unknown
192.168.1.17 1433 192.168.1.16 3333 unknown
192.168.1.17 4444 192.168.1.16 44817 unknown
Listening UDP ports:
Local address Local port
0.0.0.0 161
0.0.0.0 162
Network services:
Index Name
0 Server
7 SNMP Service
21 SNMP Trap Service
Storage information:
Description : ["C:\\ Label: Serial Number 501d446f"]
Device id : [1]
Filesystem type : ["Fixed Disk"]
Device unit : [4096]
Memory size : 9.99 GB
Memory used : 3.47 GB
Description : ["Physical Memory"]
Device id : [4]
Filesystem type : ["Ram"]
Device unit : [65536]
Memory size : 511.44 MB
Memory used : 349.00 MB
Software components:
Id Status Name Path Parameters
1 Microsoft Office Enterprise 200
2 Oracle VM VirtualBox Guest Addi
3 Python 2.7 PIL-1.1.7
4 J2SE Runtime Environment 5.0 Up
5 Python 2.7.1
6 WebFldrs XP
7 Adobe Reader 9.4.0
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(snmp_enum) >