##
# This module requires Metasploit: https:\/\/metasploit.com\/download
# Current source: https:\/\/github.com\/rapid7\/metasploit-framework
##<\/p>\n
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::SNMPClient
include Msf::Auxiliary::Report
include Msf::Auxiliary::Scanner
include SNMP<\/p>\n
def initialize
super(
‘Name’ => ‘SNMP Windows Username Enumeration’,
‘Description’ => ‘
This module will use LanManager\/psProcessUsername OID values to
enumerate local user accounts on a Windows\/Solaris system via SNMP
‘,
‘Author’ => [‘tebo[at]attackresearch.com’],
‘License’ => MSF_LICENSE
)
end<\/p>\n
def run_host(ip)
peer = “#{ip}:#{rport}”
begin
snmp = connect_snmp<\/p>\n
sys_desc = snmp.get_value(‘sysDescr.0’)
if sys_desc.blank? || sys_desc.to_s == ‘Null’
vprint_error(“#{peer} No sysDescr received”)
return
end
sys_desc = sys_desc.split(\/[\\r\\n]\/).join(‘ ‘)<\/p>\n
sys_desc_map = {
\/Windows\/ => ‘1.3.6.1.4.1.77.1.2.25’,
\/Sun\/ => ‘1.3.6.1.4.1.42.3.12.1.8’
}<\/p>\n
matching_oids = sys_desc_map.select { |re, _| sys_desc =~ re }.values
if matching_oids.empty?
vprint_warning(“#{peer} Skipping unsupported sysDescr: ‘#{sys_desc}'”)
return
end
users = []\n
matching_oids.each do |oid|
snmp.walk(oid) do |row|
row.each { |val| users << val.value.to_s }
end
end
unless users.empty?
users.sort!
users.uniq!
print_good(“#{peer} Found #{users.size} users: #{users.join(‘, ‘)}”)
end<\/p>\n
report_note(
host: rhost,
port: rport,
proto: ‘udp’,
sname: ‘snmp’,
update: :unique_data,
type: ‘snmp.users’,
data: users
)
rescue SNMP::ParseError
print_error(“#{ip} Encountered an SNMP parsing error while trying to enumerate the host.”)
rescue ::SNMP::RequestTimeout, ::SNMP::UnsupportedVersion
# too noisy for a scanner
ensure
disconnect_snmp
end
end
end<\/p>\n","protected":false},"excerpt":{"rendered":"
### This module requires Metasploit: https:\/\/metasploit.com\/download# Current source: https:\/\/github.com\/rapid7\/metasploit-framework## class MetasploitModule < Msf::Auxiliaryinclude Msf::Exploit::Remote::SNMPClientinclude Msf::Auxiliary::Reportinclude Msf::Auxiliary::Scannerinclude SNMP def initializesuper(‘Name’ => ‘SNMP Windows Username Enumeration’,‘Description’ => ‘This module will use LanManager\/psProcessUsername OID values toenumerate local user accounts on a Windows\/Solaris system via SNMP‘,‘Author’ => [‘tebo[at]attackresearch.com’],‘License’ => MSF_LICENSE)end def run_host(ip)peer = “#{ip}:#{rport}”beginsnmp = connect_snmp sys_desc = snmp.get_value(‘sysDescr.0’)if …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-59338","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/59338","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=59338"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/59338\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=59338"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=59338"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=59338"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}