Monday, December 24, 2018

Man-in-the-Middle (MITM) Attack Using Cain & Abel

A man-in-the-middle attack results when attackers place themselves in line between two devices that are communicating, with the intent of performing reconnaissance or manipulating the data as it moves between the devices. This can happen at Layer 2 or Layer 3. The main purpose is eavesdropping, so the attacker can see all the traffic.

If this happens at Layer 2, the attacker spoofs Layer 2 MAC addresses to make the devices on a LAN believe that the Layer 2 address of the attacker is the Layer 2 address of its default gateway. This is called “ARP poisoning.” Frames that are supposed to go to the default gateway are forwarded by the switch to the Layer 2 address of the attacker on the same network. To mitigate this risk, you could use techniques such as dynamic Address Resolution Protocol (ARP) inspection (DAI) on switches to prevent spoofing of the Layer 2 addresses.
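A host-side check for the ARP poisoning described above, written as an added example (not part of the original post): it compares two `arp -a` snapshots taken on a Windows host and flags an IP whose MAC changed, or a MAC that answers for more than one IP. The IP addresses follow the lab on this page; all MAC addresses are constructed, and 192.168.1.50 is an assumed address for the machine running the sniffer.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed `arp -a` output as seen on the Windows 10 lab host.
# MAC addresses are made up; 192.168.1.50 is an assumed sniffer address.
BEFORE = """\
Interface: 192.168.1.100 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-aa-bb-00-00-01     dynamic
  192.168.1.50          00-aa-bb-00-00-50     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Same table after poisoning: the gateway IP now maps to the sniffer's MAC.
AFTER = """\
Interface: 192.168.1.100 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-aa-bb-00-00-50     dynamic
  192.168.1.50          00-aa-bb-00-00-50     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(dynamic|static)\s*$",
    re.IGNORECASE,
)


def parse_arp_table(text):
    """Return {ip: mac} for unicast entries of a Windows `arp -a` listing."""
    table = {}
    for line in text.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # interface banner, column header, blank line
        ip, mac, _entry_type = match.groups()
        mac = mac.lower()
        # The low bit of the first octet marks broadcast/multicast MACs;
        # those are shared by design and would only create noise.
        if int(mac[:2], 16) & 1:
            continue
        table[ip] = mac
    return table


def detect_poisoning(before_text, after_text, gateway_ip):
    """Compare two snapshots and return a list of finding dicts."""
    before = parse_arp_table(before_text)
    after = parse_arp_table(after_text)
    findings = []

    # Rule 1: an IP we already knew now resolves to a different MAC.
    for ip in sorted(after, key=ipaddress.ip_address):
        old, new = before.get(ip), after[ip]
        if old is not None and old != new:
            findings.append({
                "rule": "mac-changed", "ip": ip, "old": old, "new": new,
                "is_gateway": ip == gateway_ip,
            })

    # Rule 2: one MAC answers for several IPs in the current table.
    owners = defaultdict(list)
    for ip, mac in after.items():
        owners[mac].append(ip)
    for mac in sorted(owners):
        if len(owners[mac]) > 1:
            findings.append({
                "rule": "shared-mac", "mac": mac,
                "ips": sorted(owners[mac], key=ipaddress.ip_address),
            })
    return findings


if __name__ == "__main__":
    for finding in detect_poisoning(BEFORE, AFTER, "192.168.1.1"):
        print(finding)
```

A shared MAC can be legitimate (proxy ARP, a multi-homed host, first-hop redundancy), so treat the second rule as a lead to verify rather than proof.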

A man-in-the-middle attack can occur at Layer 3 by placing a rogue router on the network and then tricking the other routers into believing that this new router has a better path. This could cause network traffic to flow through the rogue router and again allow the attacker to steal network data. You can mitigate attacks such as these in various ways, including using routing authentication protocols and filtering information from being advertised or learned on specific interfaces.

A man-in-the-middle attack can also occur by compromising the victim’s machine and installing malware that intercepts the packets sent by the victim and sends them to the attacker. This type of malware can capture packets before they are encrypted if the victim is using SSL/TLS/HTTPS or any other mechanism.

To safeguard data in motion, one of the best things you can do is to use encryption for the confidentiality of the data in transit. If you use plaintext protocols for management, such as Telnet or HTTP, an attacker who has implemented a man-in-the-middle attack can see the contents of your cleartext data packets, and as a result will see everything that goes across his device, including usernames and passwords that are used. Using management protocols that have encryption built in, such as Secure Shell (SSH) and Hypertext Transfer Protocol Secure (HTTPS), is considered a best practice, and using VPN protection for cleartext sensitive data is also considered a best practice.


I simulated a Man-in-the-Middle (MITM) attack in my Cybersecurity Lab using a tool called Cain & Abel. Download v4.9.56 for Windows NT/2000/XP and just follow the installation wizard.


It will also install WinPcap (which usually comes with the Wireshark installation).


Click Start/Stop Sniffer


Select the Adapter > click OK.


A warning message will pop up > click OK > click the Start/Stop Sniffer icon again.


The active LAN hosts will be displayed under Sniffer > Hosts tab.


Go to Sniffer > APR (ARP Poison Routing).

Click on the area under Status (where the pointer is) > the + symbol will turn from gray to blue > click on the + symbol.


Click on the hosts to hijack the session: click 192.168.1.110 (Kali) on the left and 192.168.1.120 (Metasploitable2) > click OK 


Click Start/Stop APR icon to perform a Man-in-the-Middle (MITM) attack between the selected hosts.


Generate traffic between Kali and Metasploitable hosts.


Notice that the APR Status changes from Idle to Poisoning and the Packets counter increases.


Go to Sniffer > Passwords tab > Telnet (notice there's a count of 1).



Right-click on the sniffed Telnet session > View


Notice the password displayed in clear text (msfadmin).


You can remove the APR session by doing a right-click > Remove.


I ran APR again between 192.168.1.100 (Windows 10 machine) and 192.168.1.1 (ASA5506-X).


I tried to SSH to the ASA firewall from the Windows 10 machine.


Notice the APR-SSH count became 1 and Cain & Abel detected the routed packets to the Internet.


Go to Sniffer > APR > click APR SSH-1 > right-click on the SSH session > View


Notice that the SSH traffic is encrypted and hides the username and password. So it's best practice to use secure management protocols such as SSH (or use a VPN) in your network.


Friday, December 7, 2018

Metasploit, NetBIOS and SNMP Enumeration

Packaging exploits and then using them can be quite challenging, particularly for those who are not experts in the technologies, systems, or services that the exploits target. Historically, that meant that each exploit had to be independently packaged or required a custom delivery tool. The Metasploit framework changed that by integrating exploit packages, delivery methods, remote shells, and other tools into a single framework.

Metasploit allows exploit developers to build Metasploit compatible packages and then release them knowing that they will work with other Metasploit modules. To use a Metasploit exploit, you just need to know the target, the exploit, and what you want to have Metasploit deliver if the exploit succeeds.


NetBIOS Enumeration

To open Zenmap (GUI version for Nmap) in Kali Linux, go to Applications > Information Gathering > zenmap.


Or run zenmap in a terminal.


Type the Target IP address (192.168.1.130 in this case) > change Command to -O (OS)

Notice TCP 139 (NetBIOS) is open.
 

Open a command prompt (on my Windows 10 machine in this case) > run nbtstat.


C:\Users\Administrator>nbtstat -A 192.168.1.130

Ethernet:
Node IpAddress: [192.168.1.100] Scope Id: []

           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    WIN-7V0EVV4BKQJ<00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    WIN-7V0EVV4BKQJ<20>  UNIQUE      Registered
    WORKGROUP      <1E>  GROUP       Registered

    MAC Address = 00-0C-29-6B-99-7A


Notice the different NetBIOS suffixes (codes).
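To show what those suffixes mean, here is an added example (not part of the original post) that parses the nbtstat name table shown above and decodes each suffix using the commonly documented Microsoft NetBIOS suffix meanings. The function and variable names are my own; the sample text is the output from this page.

```python
import re

# Name table copied from the nbtstat output on this page.
NBTSTAT_OUTPUT = """\
           NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    WIN-7V0EVV4BKQJ<00>  UNIQUE      Registered
    WORKGROUP      <00>  GROUP       Registered
    WIN-7V0EVV4BKQJ<20>  UNIQUE      Registered
    WORKGROUP      <1E>  GROUP       Registered

    MAC Address = 00-0C-29-6B-99-7A
"""

# (suffix, name type) -> role. The same suffix means different things
# for UNIQUE and GROUP names, so both parts form the key.
SUFFIXES = {
    ("00", "UNIQUE"): "Workstation service (computer name)",
    ("00", "GROUP"): "Domain or workgroup name",
    ("03", "UNIQUE"): "Messenger service",
    ("1B", "UNIQUE"): "Domain master browser",
    ("1C", "GROUP"): "Domain controllers",
    ("1D", "UNIQUE"): "Master browser",
    ("1E", "GROUP"): "Browser service elections",
    ("20", "UNIQUE"): "File Server service",
}

NAME_ROW = re.compile(
    r"^\s*(\S.*?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)\s*$"
)
MAC_ROW = re.compile(r"MAC Address\s*=\s*((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})")


def parse_name_table(text):
    """Return one dict per registered NetBIOS name, with its decoded role."""
    entries = []
    for line in text.splitlines():
        match = NAME_ROW.match(line)
        if not match:
            continue  # headers, separator line, MAC line
        name, suffix, kind, status = match.groups()
        suffix = suffix.upper()
        entries.append({
            "name": name,
            "suffix": suffix,
            "type": kind,
            "status": status,
            "role": SUFFIXES.get((suffix, kind), "unknown suffix"),
        })
    return entries


def summarize(text):
    """Condense the table into what an unauthenticated query reveals."""
    entries = parse_name_table(text)

    def first(suffix, kind):
        for entry in entries:
            if (entry["suffix"], entry["type"]) == (suffix, kind):
                return entry["name"]
        return None

    mac = MAC_ROW.search(text)
    return {
        "hostname": first("00", "UNIQUE"),
        "workgroup": first("00", "GROUP"),
        "mac": mac.group(1) if mac else None,
        # <20> UNIQUE means the Server service is registered, i.e. the
        # host offers SMB file sharing and is worth reviewing.
        "file_sharing_advertised": first("20", "UNIQUE") is not None,
        "roles": [entry["role"] for entry in entries],
    }


if __name__ == "__main__":
    for key, value in summarize(NBTSTAT_OUTPUT).items():
        print(f"{key}: {value}")
```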


You can alternatively use a free NetBIOS Enumerator tool to automate the NetBIOS enumeration process.

 
Type the IP range to scan (192.168.1.1 - 192.168.1.254) > click Scan




SNMP Enumeration

I've enabled the SNMP service on my Windows 7 machine by going to Control Panel > Programs > Programs and Features > Turn Windows features on or off > tick Simple Network Management Protocol (SNMP)


Click Start (Windows button) > type services.msc > press Enter.

Search for SNMP Service and double-click.


Go to Security tab > Add > choose Community rights: READ ONLY (default) > type Community Name: (public) > click Add.


Choose Accept SNMP packets from any host > Apply > OK.
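The two settings chosen above (community name public, packets accepted from any host) are the weak configuration the rest of this post enumerates. As an added example (not part of the original post), this script audits `reg query` output for the Windows SNMP service and flags both; it assumes the documented layout of the ValidCommunities and PermittedManagers subkeys, and the sample text, the hardened community name and the manager address 192.168.1.10 are constructed.

```python
import re

# Rights values stored per community under ValidCommunities.
RIGHTS = {1: "NONE", 2: "NOTIFY", 4: "READ ONLY", 8: "READ WRITE", 16: "READ CREATE"}
DEFAULT_NAMES = {"public", "private"}

# Constructed output of:
#   reg query HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters /s
# matching the settings chosen in the steps above.
SAMPLE_WEAK = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities
    public    REG_DWORD    0x4
"""

# Constructed hardened variant: one permitted manager, non-default name.
SAMPLE_HARDENED = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers
    1    REG_SZ    192.168.1.10

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities
    n0c-Mon-7fQ2x    REG_DWORD    0x4
"""

VALUE_ROW = re.compile(r"^\s+(\S.*?)\s{2,}(REG_\w+)\s{2,}(.*)$")


def parse_reg_query(text):
    """Return {subkey name: {value name: (type, data)}} from reg query text."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = line.strip().rsplit("\\", 1)[-1]
            keys[current] = {}
            continue
        match = VALUE_ROW.match(line)
        if match and current is not None:
            name, reg_type, data = match.groups()
            keys[current][name] = (reg_type, data.strip())
    return keys


def audit(text):
    """Return a list of (code, detail) findings for weak SNMP settings."""
    keys = parse_reg_query(text)
    findings = []

    # No values under PermittedManagers means "accept from any host".
    if not keys.get("PermittedManagers"):
        findings.append(("any-host", "SNMP packets are accepted from any host"))

    for name, (_reg_type, data) in sorted(keys.get("ValidCommunities", {}).items()):
        rights = int(data, 16)
        label = RIGHTS.get(rights, f"unknown ({rights})")
        if name.lower() in DEFAULT_NAMES:
            findings.append(("default-community",
                             f"community '{name}' is a default name ({label})"))
        if rights & (8 | 16):
            findings.append(("write-access",
                             f"community '{name}' grants {label}"))
    return findings


if __name__ == "__main__":
    for label, sample in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, audit(sample) or "no findings")
```

SNMPv1 and v2c send the community string in cleartext, so a non-default name restricted to known managers still benefits from the transport protections discussed in the MITM post on this page.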


You can automate the SNMP Walk or enumeration process using the free iReasoning MIB Browser tool.


Type the Address (192.168.1.130 in this case) > choose Operations: Walk > click Advanced.


Type the Read Community (public in this case) > choose 1 for SNMP Version > click OK > Go.



There's also an SNMP enumeration tool in Metasploit. To open Metasploit in Kali Linux, go to Applications > Exploitation Tools > metasploit. It took a couple of minutes for Metasploit to initialize.



Or run msfconsole in a terminal.



msf > search snmp

Matching Modules
================

   Name                                                 Disclosure Date  Rank       Description
   ----                                                 ---------------  ----       -----------
   auxiliary/admin/cisco/cisco_asa_extrabacon                            normal     Cisco ASA Authentication Bypass (EXTRABACON)
   auxiliary/admin/scada/moxa_credentials_recovery      2015-07-28       normal     Moxa Device Credential Retrieval
   auxiliary/scanner/misc/oki_scanner                                    normal     OKI Printer Default Login Credential Scanner
   auxiliary/scanner/misc/oki_scanner                                    normal     OKI Printer Default Login Credential Scanner
   auxiliary/scanner/snmp/aix_version                                    normal     AIX SNMP Scanner Auxiliary Module
   auxiliary/scanner/snmp/aix_version                                    normal     AIX SNMP Scanner Auxiliary Module
   auxiliary/scanner/snmp/arris_dg950                                    normal     Arris DG950A Cable Modem Wifi Enumeration
   auxiliary/scanner/snmp/arris_dg950                                    normal     Arris DG950A Cable Modem Wifi Enumeration
   auxiliary/scanner/snmp/brocade_enumhash                               normal     Brocade Password Hash Enumeration
   auxiliary/scanner/snmp/brocade_enumhash                               normal     Brocade Password Hash Enumeration
   auxiliary/scanner/snmp/cisco_config_tftp                              normal     Cisco IOS SNMP Configuration Grabber (TFTP)
   auxiliary/scanner/snmp/cisco_config_tftp                              normal     Cisco IOS SNMP Configuration Grabber (TFTP)
   auxiliary/scanner/snmp/cisco_upload_file                              normal     Cisco IOS SNMP File Upload (TFTP)
   auxiliary/scanner/snmp/cisco_upload_file                              normal     Cisco IOS SNMP File Upload (TFTP)
   auxiliary/scanner/snmp/cnpilot_r_snmp_loot                            normal     Cambium cnPilot r200/r201 SNMP Enumeration
   auxiliary/scanner/snmp/cnpilot_r_snmp_loot                            normal     Cambium cnPilot r200/r201 SNMP Enumeration
   auxiliary/scanner/snmp/epmp1000_snmp_loot                             normal     Cambium ePMP 1000 SNMP Enumeration
   auxiliary/scanner/snmp/epmp1000_snmp_loot                             normal     Cambium ePMP 1000 SNMP Enumeration
   auxiliary/scanner/snmp/netopia_enum                                   normal     Netopia 3347 Cable Modem Wifi Enumeration
   auxiliary/scanner/snmp/netopia_enum                                   normal     Netopia 3347 Cable Modem Wifi Enumeration
   auxiliary/scanner/snmp/sbg6580_enum                                   normal     ARRIS / Motorola SBG6580 Cable Modem SNMP Enumeration Module
   auxiliary/scanner/snmp/sbg6580_enum                                   normal     ARRIS / Motorola SBG6580 Cable Modem SNMP Enumeration Module
   auxiliary/scanner/snmp/snmp_enum                                      normal     SNMP Enumeration Module
   auxiliary/scanner/snmp/snmp_enum                                      normal     SNMP Enumeration Module
   auxiliary/scanner/snmp/snmp_enum_hp_laserjet                          normal     HP LaserJet Printer SNMP Enumeration
   auxiliary/scanner/snmp/snmp_enum_hp_laserjet                          normal     HP LaserJet Printer SNMP Enumeration
   auxiliary/scanner/snmp/snmp_enumshares                                normal     SNMP Windows SMB Share Enumeration
   auxiliary/scanner/snmp/snmp_enumshares                                normal     SNMP Windows SMB Share Enumeration
   auxiliary/scanner/snmp/snmp_enumusers                                 normal     SNMP Windows Username Enumeration
   auxiliary/scanner/snmp/snmp_enumusers                                 normal     SNMP Windows Username Enumeration
   auxiliary/scanner/snmp/snmp_login                                     normal     SNMP Community Login Scanner
   auxiliary/scanner/snmp/snmp_login                                     normal     SNMP Community Login Scanner
   auxiliary/scanner/snmp/snmp_set                                       normal     SNMP Set Module
   auxiliary/scanner/snmp/snmp_set                                       normal     SNMP Set Module
   auxiliary/scanner/snmp/ubee_ddw3611                                   normal     Ubee DDW3611b Cable Modem Wifi Enumeration
   auxiliary/scanner/snmp/ubee_ddw3611                                   normal     Ubee DDW3611b Cable Modem Wifi Enumeration
   auxiliary/scanner/snmp/xerox_workcentre_enumusers                     normal     Xerox WorkCentre User Enumeration (SNMP)
   auxiliary/scanner/snmp/xerox_workcentre_enumusers                     normal     Xerox WorkCentre User Enumeration (SNMP)
   exploit/linux/misc/hp_jetdirect_path_traversal       2017-04-05       normal     HP Jetdirect Path Traversal Arbitrary Code Execution
   exploit/multi/http/hp_sys_mgmt_exec                  2013-06-11       excellent  HP System Management Homepage JustGetSNMPQueue Command Injection
   exploit/windows/ftp/oracle9i_xdb_ftp_unlock          2003-08-18       great      Oracle 9i XDB FTP UNLOCK Overflow (win32)
   exploit/windows/http/hp_nnm_ovwebsnmpsrv_main        2010-06-16       great      HP OpenView Network Node Manager ovwebsnmpsrv.exe main Buffer Overflow
   exploit/windows/http/hp_nnm_ovwebsnmpsrv_ovutil      2010-06-16       great      HP OpenView Network Node Manager ovwebsnmpsrv.exe ovutil Buffer Overflow
   exploit/windows/http/hp_nnm_ovwebsnmpsrv_uro         2010-06-08       great      HP OpenView Network Node Manager ovwebsnmpsrv.exe Unrecognized Option Buffer Overflow
   exploit/windows/http/hp_nnm_snmp                     2009-12-09       great      HP OpenView Network Node Manager Snmp.exe CGI Buffer Overflow
   exploit/windows/http/hp_nnm_snmpviewer_actapp        2010-05-11       great      HP OpenView Network Node Manager snmpviewer.exe Buffer Overflow
   exploit/windows/scada/sunway_force_control_netdbsrv  2011-09-22       great      Sunway Forcecontrol SNMP NetDBServer.exe Opcode 0x57
   post/windows/gather/enum_snmp                                         normal     Windows Gather SNMP Settings Enumeration (Registry)

msf > use auxiliary/scanner/snmp/snmp_enum
msf auxiliary(scanner/snmp/snmp_enum) > show options

Module options (auxiliary/scanner/snmp/snmp_enum):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   COMMUNITY  public           yes       SNMP Community String
   RETRIES    1                yes       SNMP Retries
   RHOSTS                      yes       The target address range or CIDR identifier
   RPORT      161              yes       The target port (UDP)
   THREADS    1                yes       The number of concurrent threads
   TIMEOUT    1                yes       SNMP Timeout
   VERSION    1                yes       SNMP Version <1/2c>

msf auxiliary(scanner/snmp/snmp_enum) > set RHOSTS 192.168.1.130
RHOSTS => 192.168.1.130
msf auxiliary(scanner/snmp/snmp_enum) > run

[+] 192.168.1.130, Connected.

[*] System information:

Host IP                       : 192.168.1.130
Hostname                      : WIN-7V0EVV4BKQJ
Description                   : Hardware: x86 Family 6 Model 69 Stepping 1 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)
Contact                       : -
Location                      : -
Uptime snmp                   : 9 days, 18:03:37.09
Uptime system                 : 02:53:52.52
System date                   : 2018-10-2 14:06:00.9

[*] User accounts:

["Guest"]          
["Administrator"]  

[*] Network information:

IP forwarding enabled         : no
Default TTL                   : 128
TCP segments received         : 26301012
TCP segments sent             : 20726185
TCP segments retrans          : 2131171
Input datagrams               : 25283811
Delivered datagrams           : 25289726
Output datagrams              : 21767931

[*] Network interfaces:

Interface                     : [ up ] Software Loopback Interface 1
Id                            : 1
Mac Address                   : :::::
Type                          : softwareLoopback
Speed                         : 1073 Mbps
MTU                           : 1500
In octets                     : 0
Out octets                    : 0

Interface                     : [ up ] WAN Miniport (SSTP)
Id                            : 2
Mac Address                   : :::::
Type                          : unknown
Speed                         : 1073 Mbps
MTU                           : 4091
In octets                     : 0
Out octets                    : 0

Interface                     : [ up ] WAN Miniport (L2TP)
Id                            : 3
Mac Address                   : :::::
Type                          : unknown
Speed                         : 1073 Mbps
MTU                           : 1460
In octets                     : 0
Out octets                    : 0

Interface                     : [ up ] WAN Miniport (PPTP)
Id                            : 4
Mac Address                   : :::::
Type                          : unknown
Speed                         : 1073 Mbps
MTU                           : 1464
In octets                     : 0
Out octets                    : 0

Interface                     : [ up ] WAN Miniport (PPPOE)
Id                            : 5
Mac Address                   : :::::
Type                          : ppp
Speed                         : 1073 Mbps
MTU                           : 1494
In octets                     : 0
Out octets                    : 0

Interface                     : [ up ] WAN Miniport (IPv6)
Id                            : 6
Mac Address                   : da:48:20:52:41:53
Type                          : ethernet-csmacd
Speed                         : 1073 Mbps
MTU                           : 1500
In octets                     : 0
Out octets                    : 0

Interface                     : [ up ] WAN Miniport (Network Monitor)
Id                            : 7
Mac Address                   : da:48:20:52:41:53
Type                          : ethernet-csmacd
Speed                         : 1073 Mbps
MTU                           : 1500
In octets                     : 0
Out octets                    : 0

Interface                     : [ up ] WAN Miniport (IP)
Id                            : 8
Mac Address                   : da:48:20:52:41:53
Type                          : ethernet-csmacd
Speed                         : 1073 Mbps
MTU                           : 1500
In octets                     : 0
Out octets                    : 0

Interface                     : [ down ] RAS Async Adapter
Id                            : 9
Mac Address                   : 20:41:53:59:4e:ff
Type                          : ppp
Speed                         : 0 Mbps
MTU                           : 0
In octets                     : 0
Out octets                    : 0

Interface                     : [ up ] WAN Miniport (IKEv2)
Id                            : 10
Mac Address                   : 00:00:00:00:00:00
Type                          : unknown
Speed                         : 0 Mbps
MTU                           : 1480
In octets                     : 0
Out octets                    : 0

Interface                     : [ up ] Intel(R) PRO/1000 MT Network Connection
Id                            : 11
Mac Address                   : 00:0c:29:6b:99:7a
Type                          : ethernet-csmacd
Speed                         : 1000 Mbps
MTU                           : 1500
In octets                     : 4042544092
Out octets                    : 1796212625

Interface                     : [ up ] Microsoft ISATAP Adapter
Id                            : 12
Mac Address                   : 00:00:00:00:00:00
Type                          : unknown
Speed                         : 0 Mbps
MTU                           : 1280
In octets                     : 0
Out octets                    : 0

Interface                     : [ up ] Intel(R) PRO/1000 MT Network Connection-QoS Packet Scheduler-0000
Id                            : 13
Mac Address                   : 00:0c:29:6b:99:7a
Type                          : ethernet-csmacd
Speed                         : 1000 Mbps
MTU                           : 1500
In octets                     : 4042544092
Out octets                    : 1796212625

Interface                     : [ up ] Intel(R) PRO/1000 MT Network Connection-WFP LightWeight Filter-0000
Id                            : 14
Mac Address                   : 00:0c:29:6b:99:7a
Type                          : ethernet-csmacd
Speed                         : 1000 Mbps
MTU                           : 1500
In octets                     : 4042544092
Out octets                    : 1796212625

Interface                     : [ up ] WAN Miniport (IPv6)-QoS Packet Scheduler-0000
Id                            : 15
Mac Address                   : da:48:20:52:41:53
Type                          : ethernet-csmacd
Speed                         : 1073 Mbps
MTU                           : 1500
In octets                     : 0
Out octets                    : 0

Interface                     : [ up ] WAN Miniport (IP)-QoS Packet Scheduler-0000
Id                            : 16
Mac Address                   : da:48:20:52:41:53
Type                          : ethernet-csmacd
Speed                         : 1073 Mbps
MTU                           : 1500
In octets                     : 0
Out octets                    : 0

Interface                     : [ up ] WAN Miniport (Network Monitor)-QoS Packet Scheduler-0000
Id                            : 17
Mac Address                   : da:48:20:52:41:53
Type                          : ethernet-csmacd
Speed                         : 1073 Mbps
MTU                           : 1500
In octets                     : 0
Out octets                    : 0


[*] Network IP:

Id                  IP Address          Netmask             Broadcast          
1                   127.0.0.1           255.0.0.0           1                  
11                  192.168.1.130       255.255.255.0       1                  

[*] Routing information:

Destination         Next hop            Mask                Metric             
0.0.0.0             192.168.1.1         0.0.0.0             266                
127.0.0.0           127.0.0.1           255.0.0.0           306                
127.0.0.1           127.0.0.1           255.255.255.255     306                
127.255.255.255     127.0.0.1           255.255.255.255     306                
192.168.1.0         192.168.1.130       255.255.255.0       266                
192.168.1.130       192.168.1.130       255.255.255.255     266                
192.168.1.255       192.168.1.130       255.255.255.255     266                
224.0.0.0           127.0.0.1           240.0.0.0           306                
255.255.255.255     127.0.0.1           255.255.255.255     306                

[*] TCP connections and listening ports:

Local address       Local port          Remote address      Remote port         State              
0.0.0.0             21                  0.0.0.0             0                   listen             
0.0.0.0             25                  0.0.0.0             0                   listen             
0.0.0.0             110                 0.0.0.0             0                   listen             
0.0.0.0             135                 0.0.0.0             0                   listen             
0.0.0.0             443                 0.0.0.0             0                   listen             
0.0.0.0             1000                0.0.0.0             0                   listen             
0.0.0.0             8080                0.0.0.0             0                   listen             
0.0.0.0             49152               0.0.0.0             0                   listen             
0.0.0.0             49153               0.0.0.0             0                   listen             
0.0.0.0             49154               0.0.0.0             0                   listen             
0.0.0.0             49155               0.0.0.0             0                   listen             
0.0.0.0             49159               0.0.0.0             0                   listen             
0.0.0.0             49172               0.0.0.0             0                   listen             
127.0.0.1           1080                0.0.0.0             0                   listen             
127.0.0.1           3128                0.0.0.0             0                   listen             
127.0.0.1           3128                127.0.0.1           54285               timeWait           
127.0.0.1           3128                127.0.0.1           54327               timeWait           
127.0.0.1           3128                127.0.0.1           54378               timeWait           
127.0.0.1           3128                127.0.0.1           54420               timeWait           
127.0.0.1           3128                127.0.0.1           54491               timeWait           
127.0.0.1           3128                127.0.0.1           54525               timeWait           
127.0.0.1           3128                127.0.0.1           54588               timeWait           
127.0.0.1           3128                127.0.0.1           54630               timeWait           
127.0.0.1           3128                127.0.0.1           54677               timeWait           
127.0.0.1           3128                127.0.0.1           54729               timeWait           

<OUTPUT TRUNCATED>


[*] Listening UDP ports:

Local address       Local port         
0.0.0.0             161                
0.0.0.0             500                
0.0.0.0             4500               
0.0.0.0             5355               
0.0.0.0             53331              
0.0.0.0             53332              
0.0.0.0             53333              
0.0.0.0             58678              
127.0.0.1           1900               
127.0.0.1           62591              
192.168.1.130       137                
192.168.1.130       138                
192.168.1.130       1900               
192.168.1.130       62590              

[*] Network services:

Index               Name               
0                   Power              
1                   Server             
2                   Themes             
3                   IP Helper          
4                   DNS Client         
5                   DHCP Client        
6                   Workstation        
7                   SNMP Service       
8                   VMware Tools       
9                   Plug and Play      
10                  Print Spooler      
11                  Windows Audio      
12                  SSDP Discovery     
13                  Task Scheduler     
14                  Windows Search     
15                  Windows Update     
16                  Security Center    
17                  Computer Browser   
18                  Windows Defender   
19                  Windows Firewall   
20                  COM+ Event System  
21                  Protected Storage  
22                  Windows Event Log  
23                  IPsec Policy Agent 
24                  Group Policy Client
25                  Network Connections
26                  RPC Endpoint Mapper
27                  Software Protection
28                  Network List Service
29                  User Profile Service
30                  Base Filtering Engine
31                  TCP/IP NetBIOS Helper
32                  Cryptographic Services
33                  Diagnostic System Host
34                  Application Information
35                  Diagnostic Service Host
36                  SPP Notification Service
37                  Shell Hardware Detection
38                  Diagnostic Policy Service
39                  Security Accounts Manager
40                  Network Location Awareness
41                  Windows Font Cache Service
42                  Remote Procedure Call (RPC)
43                  DCOM Server Process Launcher
44                  Windows Audio Endpoint Builder
45                  Application Host Helper Service
46                  Network Store Interface Service
47                  Distributed Link Tracking Client
48                  System Event Notification Service
49                  World Wide Web Publishing Service
50                  Windows Management Instrumentation
51                  Windows Process Activation Service
52                  Distributed Transaction Coordinator
53                  IKE and AuthIP IPsec Keying Modules
54                  VMware Physical Disk Helper Service
55                  Desktop Window Manager Session Manager
56                  Background Intelligent Transfer Service
57                  Program Compatibility Assistant Service
58                  VMware Alias Manager and Ticket Service
59                  WinHTTP Web Proxy Auto-Discovery Service

[*] IIS server information:

TotalBytesSentLowWord         : 60481
TotalBytesReceivedLowWord     : 4293
TotalFilesSent                : 0
CurrentAnonymousUsers         : 0
CurrentNonAnonymousUsers      : 0
TotalAnonymousUsers           : 0
TotalNonAnonymousUsers        : 11
MaxAnonymousUsers             : 0
MaxNonAnonymousUsers          : 1
CurrentConnections            : 0
MaxConnections                : 0
ConnectionAttempts            : 1
LogonAttempts                 : 11
Gets                          : 11
Posts                         : 0
Heads                         : 11
Others                        : 0
CGIRequests                   : 0
BGIRequests                   : 0
NotFoundErrors                : 0

[*] Storage information:

Description                   : ["C:\\ Label:  Serial Number 8a5780ad"]
Device id                     : [#<SNMP::Integer:0x00007fbdc4d15f40 @value=1>]
Filesystem type               : ["Fixed Disk"]
Device unit                   : [#<SNMP::Integer:0x00007fbdc4d13ee8 @value=4096>]
Memory size                   : 60.00 GB
Memory used                   : 8.44 GB

Description                   : ["D:\\"]
Device id                     : [#<SNMP::Integer:0x00007fbdc4d0f078 @value=2>]
Filesystem type               : ["Compact Disc"]
Device unit                   : [#<SNMP::Integer:0x00007fbdc4d0d368 @value=0>]
Memory size                   : 0 bytes
Memory used                   : 0 bytes

Description                   : ["Virtual Memory"]
Device id                     : [#<SNMP::Integer:0x00007fbdc4d085e8 @value=3>]
Filesystem type               : ["Virtual Memory"]
Device unit                   : [#<SNMP::Integer:0x00007fbdc4d06810 @value=65536>]
Memory size                   : 2.02 GB
Memory used                   : 1015.19 MB

Description                   : ["Physical Memory"]
Device id                     : [#<SNMP::Integer:0x00007fbdc4d01978 @value=4>]
Filesystem type               : ["Ram"]
Device unit                   : [#<SNMP::Integer:0x00007fbdc4cffc18 @value=65536>]
Memory size                   : 1023.44 MB
Memory used                   : 517.00 MB


[*] File system information:

Index                         : 1
Mount point                   :
Remote mount point            : -
Type                          : NTFS
Access                        : 1
Bootable                      : 1

[*] Device information:

Id                  Type                Status              Descr              
1                   Printer             running             Microsoft XPS Document Writer
2                   Printer             running             Microsoft Shared Fax Driver
3                   Processor           running             Intel              
4                   Processor           running             Intel              
5                   Network             unknown             Software Loopback Interface 1
6                   Network             unknown             WAN Miniport (SSTP)
7                   Network             unknown             WAN Miniport (L2TP)
8                   Network             unknown             WAN Miniport (PPTP)
9                   Network             unknown             WAN Miniport (PPPOE)
10                  Network             unknown             WAN Miniport (IPv6)
11                  Network             unknown             WAN Miniport (Network Monitor)
12                  Network             unknown             WAN Miniport (IP)  
13                  Network             unknown             RAS Async Adapter  
14                  Network             unknown             WAN Miniport (IKEv2)
15                  Network             unknown             Intel(R) PRO/1000 MT Network Connection
16                  Network             unknown             Microsoft ISATAP Adapter
17                  Network             unknown             Intel(R) PRO/1000 MT Network Connection-QoS Packet Scheduler-000
18                  Network             unknown             Intel(R) PRO/1000 MT Network Connection-WFP LightWeight Filter-0
19                  Network             unknown             WAN Miniport (IPv6)-QoS Packet Scheduler-0000
20                  Network             unknown             WAN Miniport (IP)-QoS Packet Scheduler-0000
21                  Network             unknown             WAN Miniport (Network Monitor)-QoS Packet Scheduler-0000
22                  Disk Storage        unknown             D:\                
23                  Disk Storage        running             Fixed Disk         
24                  Keyboard            running             IBM enhanced (101- or 102-key) keyboard, Subtype=(0)
25                  Serial Port         unknown             COM1:              

[*] Software components:

Index               Name               
1                   Google Chrome      
2                   ProxySwitcher Standard
3                   PuTTY release 0.70 
4                   Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
5                   Google Update Helper
6                   VMware Tools       
7                   Proxy Workbench    

[*] Processes:

Id                  Status              Name                Path                Parameters         
1                   running             System Idle Process                                        
4                   running             System                                                     
284                 running             smss.exe            \SystemRoot\System32\                   
340                 running             ProxySwitcher.exe   C:\Program Files\Proxy Switcher Standard\-logo -m           
372                 running             csrss.exe           %SystemRoot%\system32\ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:User
420                 running             vmtoolsd.exe        C:\Program Files\VMware\VMware Tools\-n vmusr           
424                 running             wininit.exe                                                
432                 running             csrss.exe           %SystemRoot%\system32\ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:User
480                 running             winlogon.exe                                               
528                 running             services.exe        C:\Windows\system32\                   
536                 running             lsass.exe           C:\Windows\system32\                   
544                 running             lsm.exe             C:\Windows\system32\                   
648                 running             svchost.exe                                                
708                 running             vmacthlp.exe        C:\Program Files\VMware\VMware Tools\                   
752                 running             svchost.exe                                                
816                 running             svchost.exe                                                
880                 running             svchost.exe                                                
904                 running             svchost.exe                                                
1056                running             svchost.exe                                                
1132                running             svchost.exe                                                
1240                running             spoolsv.exe                                                
1252                running             svchost.exe                                                
1292                running             svchost.exe                                                
1308                running             ProxyWB.exe         C:\Program Files\Sigma Solutions Pty Ltd\Proxy Workbench\                   
1548                running             dwm.exe             C:\Windows\system32\                   
1564                running             svchost.exe         C:\Windows\system32\-k iissvcs         
1568                running             VGAuthService.exe   C:\Program Files\VMware\VMware Tools\VMware VGAuth\                   
1608                running             explorer.exe        C:\Windows\                            
1684                running             vmtoolsd.exe        C:\Program Files\VMware\VMware Tools\                   
1704                running             taskhost.exe                                               
1812                running             WmiPrvSE.exe                                               
1952                running             snmp.exe            C:\Windows\System32\                   
2184                running             msdtc.exe                                                  
2208                running             svchost.exe                                                
2536                running             SearchIndexer.exe                                          
2948                running             taskhost.exe                            $(Arg0)            
3052                running             taskhost.exe                                               
3844                running             sppsvc.exe                                                 
3880                running             svchost.exe                                                
3988                running             svchost.exe                                                
4512                running             mmc.exe             C:\Windows\system32\"C:\Windows\system32\services.msc"
4644                running             taskeng.exe                             {6D49DB7B-BD14-483E-B533-1225437CC666}
5860                running             javaw.exe           C:\Program Files\ireasoning\mibbrowser\jre\bin\-Xmx768m  -Duser.country=US -Duser.language=en -Dsun.java2d.d3d=false -Dsun.java2d.noddraw=false -jar "C:\Program Files\ireason


[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/snmp/snmp_enum) >



Alternatively, you can use the snmpwalk command in Kali Linux.


root@kali:~# snmpwalk -c public 192.168.1.130 -v1
Created directory: /var/lib/snmp/mib_indexes
iso.3.6.1.2.1.1.1.0 = STRING: "Hardware: x86 Family 6 Model 69 Stepping 1 AT/AT COMPATIBLE - Software: Windows Version 6.1 (Build 7601 Multiprocessor Free)"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.311.1.1.3.1.1
iso.3.6.1.2.1.1.3.0 = Timeticks: (1101240) 3:03:32.40
iso.3.6.1.2.1.1.4.0 = ""
iso.3.6.1.2.1.1.5.0 = STRING: "WIN-7V0EVV4BKQJ"
iso.3.6.1.2.1.1.6.0 = ""
iso.3.6.1.2.1.1.7.0 = INTEGER: 76
iso.3.6.1.2.1.2.1.0 = INTEGER: 17
iso.3.6.1.2.1.2.2.1.1.1 = INTEGER: 1
iso.3.6.1.2.1.2.2.1.1.2 = INTEGER: 2
iso.3.6.1.2.1.2.2.1.1.3 = INTEGER: 3
iso.3.6.1.2.1.2.2.1.1.4 = INTEGER: 4
iso.3.6.1.2.1.2.2.1.1.5 = INTEGER: 5
iso.3.6.1.2.1.2.2.1.1.6 = INTEGER: 6
iso.3.6.1.2.1.2.2.1.1.7 = INTEGER: 7
iso.3.6.1.2.1.2.2.1.1.8 = INTEGER: 8
iso.3.6.1.2.1.2.2.1.1.9 = INTEGER: 9
iso.3.6.1.2.1.2.2.1.1.10 = INTEGER: 10
iso.3.6.1.2.1.2.2.1.1.11 = INTEGER: 11
iso.3.6.1.2.1.2.2.1.1.12 = INTEGER: 12
iso.3.6.1.2.1.2.2.1.1.13 = INTEGER: 13
iso.3.6.1.2.1.2.2.1.1.14 = INTEGER: 14
iso.3.6.1.2.1.2.2.1.1.15 = INTEGER: 15
iso.3.6.1.2.1.2.2.1.1.16 = INTEGER: 16
iso.3.6.1.2.1.2.2.1.1.17 = INTEGER: 17
iso.3.6.1.2.1.2.2.1.2.1 = Hex-STRING: 53 6F 66 74 77 61 72 65 20 4C 6F 6F 70 62 61 63
6B 20 49 6E 74 65 72 66 61 63 65 20 31 00
iso.3.6.1.2.1.2.2.1.2.2 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 53 53
54 50 29 00
iso.3.6.1.2.1.2.2.1.2.3 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 4C 32
54 50 29 00
iso.3.6.1.2.1.2.2.1.2.4 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 50 50
54 50 29 00
iso.3.6.1.2.1.2.2.1.2.5 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 50 50
50 4F 45 29 00
iso.3.6.1.2.1.2.2.1.2.6 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 49 50
76 36 29 00
iso.3.6.1.2.1.2.2.1.2.7 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 4E 65
74 77 6F 72 6B 20 4D 6F 6E 69 74 6F 72 29 00
iso.3.6.1.2.1.2.2.1.2.8 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 49 50
29 00
iso.3.6.1.2.1.2.2.1.2.9 = Hex-STRING: 52 41 53 20 41 73 79 6E 63 20 41 64 61 70 74 65
72 00
iso.3.6.1.2.1.2.2.1.2.10 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 49 4B
45 76 32 29 00
iso.3.6.1.2.1.2.2.1.2.11 = Hex-STRING: 49 6E 74 65 6C 28 52 29 20 50 52 4F 2F 31 30 30
30 20 4D 54 20 4E 65 74 77 6F 72 6B 20 43 6F 6E
6E 65 63 74 69 6F 6E 00
iso.3.6.1.2.1.2.2.1.2.12 = Hex-STRING: 4D 69 63 72 6F 73 6F 66 74 20 49 53 41 54 41 50
20 41 64 61 70 74 65 72 00
iso.3.6.1.2.1.2.2.1.2.13 = Hex-STRING: 49 6E 74 65 6C 28 52 29 20 50 52 4F 2F 31 30 30
30 20 4D 54 20 4E 65 74 77 6F 72 6B 20 43 6F 6E
6E 65 63 74 69 6F 6E 2D 51 6F 53 20 50 61 63 6B
65 74 20 53 63 68 65 64 75 6C 65 72 2D 30 30 30
30 00
iso.3.6.1.2.1.2.2.1.2.14 = Hex-STRING: 49 6E 74 65 6C 28 52 29 20 50 52 4F 2F 31 30 30
30 20 4D 54 20 4E 65 74 77 6F 72 6B 20 43 6F 6E
6E 65 63 74 69 6F 6E 2D 57 46 50 20 4C 69 67 68
74 57 65 69 67 68 74 20 46 69 6C 74 65 72 2D 30
30 30 30 00
iso.3.6.1.2.1.2.2.1.2.15 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 49 50
76 36 29 2D 51 6F 53 20 50 61 63 6B 65 74 20 53
63 68 65 64 75 6C 65 72 2D 30 30 30 30 00
iso.3.6.1.2.1.2.2.1.2.16 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 49 50
29 2D 51 6F 53 20 50 61 63 6B 65 74 20 53 63 68
65 64 75 6C 65 72 2D 30 30 30 30 00
iso.3.6.1.2.1.2.2.1.2.17 = Hex-STRING: 57 41 4E 20 4D 69 6E 69 70 6F 72 74 20 28 4E 65
74 77 6F 72 6B 20 4D 6F 6E 69 74 6F 72 29 2D 51
6F 53 20 50 61 63 6B 65 74 20 53 63 68 65 64 75
6C 65 72 2D 30 30 30 30 00
iso.3.6.1.2.1.2.2.1.3.1 = INTEGER: 24
iso.3.6.1.2.1.2.2.1.3.2 = INTEGER: 131
iso.3.6.1.2.1.2.2.1.3.3 = INTEGER: 131
iso.3.6.1.2.1.2.2.1.3.4 = INTEGER: 131
iso.3.6.1.2.1.2.2.1.3.5 = INTEGER: 23
iso.3.6.1.2.1.2.2.1.3.6 = INTEGER: 6
iso.3.6.1.2.1.2.2.1.3.7 = INTEGER: 6
iso.3.6.1.2.1.2.2.1.3.8 = INTEGER: 6
iso.3.6.1.2.1.2.2.1.3.9 = INTEGER: 23
iso.3.6.1.2.1.2.2.1.3.10 = INTEGER: 131
iso.3.6.1.2.1.2.2.1.3.11 = INTEGER: 6
iso.3.6.1.2.1.2.2.1.3.12 = INTEGER: 131
iso.3.6.1.2.1.2.2.1.3.13 = INTEGER: 6
iso.3.6.1.2.1.2.2.1.3.14 = INTEGER: 6
iso.3.6.1.2.1.2.2.1.3.15 = INTEGER: 6
iso.3.6.1.2.1.2.2.1.3.16 = INTEGER: 6
iso.3.6.1.2.1.2.2.1.3.17 = INTEGER: 6
iso.3.6.1.2.1.2.2.1.4.1 = INTEGER: 1500
iso.3.6.1.2.1.2.2.1.4.2 = INTEGER: 4091
iso.3.6.1.2.1.2.2.1.4.3 = INTEGER: 1460
iso.3.6.1.2.1.2.2.1.4.4 = INTEGER: 1464
iso.3.6.1.2.1.2.2.1.4.5 = INTEGER: 1494
iso.3.6.1.2.1.2.2.1.4.6 = INTEGER: 1500
iso.3.6.1.2.1.2.2.1.4.7 = INTEGER: 1500
iso.3.6.1.2.1.2.2.1.4.8 = INTEGER: 1500
iso.3.6.1.2.1.2.2.1.4.9 = INTEGER: 0
iso.3.6.1.2.1.2.2.1.4.10 = INTEGER: 1480
iso.3.6.1.2.1.2.2.1.4.11 = INTEGER: 1500
iso.3.6.1.2.1.2.2.1.4.12 = INTEGER: 1280
iso.3.6.1.2.1.2.2.1.4.13 = INTEGER: 1500
iso.3.6.1.2.1.2.2.1.4.14 = INTEGER: 1500
iso.3.6.1.2.1.2.2.1.4.15 = INTEGER: 1500
iso.3.6.1.2.1.2.2.1.4.16 = INTEGER: 1500
iso.3.6.1.2.1.2.2.1.4.17 = INTEGER: 1500
iso.3.6.1.2.1.2.2.1.5.1 = Gauge32: 1073741824
iso.3.6.1.2.1.2.2.1.5.2 = Gauge32: 1073741824
iso.3.6.1.2.1.2.2.1.5.3 = Gauge32: 1073741824
iso.3.6.1.2.1.2.2.1.5.4 = Gauge32: 1073741824
iso.3.6.1.2.1.2.2.1.5.5 = Gauge32: 1073741824
iso.3.6.1.2.1.2.2.1.5.6 = Gauge32: 1073741824
iso.3.6.1.2.1.2.2.1.5.7 = Gauge32: 1073741824
iso.3.6.1.2.1.2.2.1.5.8 = Gauge32: 1073741824
iso.3.6.1.2.1.2.2.1.5.9 = Gauge32: 0
iso.3.6.1.2.1.2.2.1.5.10 = Gauge32: 0
iso.3.6.1.2.1.2.2.1.5.11 = Gauge32: 1000000000
iso.3.6.1.2.1.2.2.1.5.12 = Gauge32: 100000
iso.3.6.1.2.1.2.2.1.5.13 = Gauge32: 1000000000
iso.3.6.1.2.1.2.2.1.5.14 = Gauge32: 1000000000
iso.3.6.1.2.1.2.2.1.5.15 = Gauge32: 1073741824
iso.3.6.1.2.1.2.2.1.5.16 = Gauge32: 1073741824
iso.3.6.1.2.1.2.2.1.5.17 = Gauge32: 1073741824
iso.3.6.1.2.1.2.2.1.6.1 = ""
iso.3.6.1.2.1.2.2.1.6.2 = ""
iso.3.6.1.2.1.2.2.1.6.3 = ""
iso.3.6.1.2.1.2.2.1.6.4 = ""
iso.3.6.1.2.1.2.2.1.6.5 = ""
iso.3.6.1.2.1.2.2.1.6.6 = Hex-STRING: DA 48 20 52 41 53
iso.3.6.1.2.1.2.2.1.6.7 = Hex-STRING: DA 48 20 52 41 53
iso.3.6.1.2.1.2.2.1.6.8 = Hex-STRING: DA 48 20 52 41 53
iso.3.6.1.2.1.2.2.1.6.9 = Hex-STRING: 20 41 53 59 4E FF
iso.3.6.1.2.1.2.2.1.6.10 = Hex-STRING: 00 00 00 00 00 00 00 00
iso.3.6.1.2.1.2.2.1.6.11 = Hex-STRING: 00 0C 29 6B 99 7A
iso.3.6.1.2.1.2.2.1.6.12 = Hex-STRING: 00 00 00 00 00 00 00 E0
iso.3.6.1.2.1.2.2.1.6.13 = Hex-STRING: 00 0C 29 6B 99 7A
iso.3.6.1.2.1.2.2.1.6.14 = Hex-STRING: 00 0C 29 6B 99 7A
iso.3.6.1.2.1.2.2.1.6.15 = Hex-STRING: DA 48 20 52 41 53
iso.3.6.1.2.1.2.2.1.6.16 = Hex-STRING: DA 48 20 52 41 53
iso.3.6.1.2.1.2.2.1.6.17 = Hex-STRING: DA 48 20 52 41 53 

<OUTPUT TRUNCATED>
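The Hex-STRING rows in the walk above are the same interface names that the Metasploit device list shows, printed as hex bytes with a trailing 00, and the longer values wrap onto continuation lines. The Python below is an added example (not part of the original post) for reviewing what an agent answering to the `public` community discloses: it parses saved `snmpwalk -v1` output, rejoins the wrapped lines, and decodes the ifDescr and ifPhysAddress columns. The function names are hypothetical, and the sample lines are copied from the output above.

```python
import re

# Lines copied from the snmpwalk output above (sysName, two ifDescr rows that wrap
# onto continuation lines, and the matching ifPhysAddress rows).
SAMPLE = """\
iso.3.6.1.2.1.1.5.0 = STRING: "WIN-7V0EVV4BKQJ"
iso.3.6.1.2.1.2.2.1.2.11 = Hex-STRING: 49 6E 74 65 6C 28 52 29 20 50 52 4F 2F 31 30 30
30 20 4D 54 20 4E 65 74 77 6F 72 6B 20 43 6F 6E
6E 65 63 74 69 6F 6E 00
iso.3.6.1.2.1.2.2.1.2.12 = Hex-STRING: 4D 69 63 72 6F 73 6F 66 74 20 49 53 41 54 41 50
20 41 64 61 70 74 65 72 00
iso.3.6.1.2.1.2.2.1.6.11 = Hex-STRING: 00 0C 29 6B 99 7A
iso.3.6.1.2.1.2.2.1.6.12 = Hex-STRING: 00 00 00 00 00 00 00 E0
"""

IF_DESCR = "iso.3.6.1.2.1.2.2.1.2."  # ifDescr column of the IF-MIB ifTable
IF_PHYS = "iso.3.6.1.2.1.2.2.1.6."   # ifPhysAddress column
VARBIND = re.compile(r"^(iso(?:\.\d+)+) = (?:([\w-]+): ?)?(.*)$")
HEX_ONLY = re.compile(r"^(?:[0-9A-Fa-f]{2} ?)+$")

def parse_walk(text):
    """Return {oid: (type, value)}, rejoining Hex-STRING values that wrap."""
    out, last = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = VARBIND.match(line)
        if m:
            last = m.group(1)
            out[last] = (m.group(2) or "", m.group(3))
        elif last and out[last][0] == "Hex-STRING" and HEX_ONLY.match(line):
            out[last] = ("Hex-STRING", out[last][1] + " " + line)
    return out

def interfaces(walk):
    """Map ifIndex -> {'descr', 'mac'} decoded from the two ifTable columns."""
    table = {}
    for oid, (typ, val) in walk.items():
        for prefix, field in ((IF_DESCR, "descr"), (IF_PHYS, "mac")):
            idx = oid[len(prefix):]
            if not (oid.startswith(prefix) and idx.isdigit()):
                continue
            raw = bytes.fromhex(val) if typ == "Hex-STRING" else val.strip('"').encode()
            text = (raw.rstrip(b"\x00").decode("latin-1") if field == "descr"
                    else ":".join(f"{b:02x}" for b in raw))
            table.setdefault(int(idx), {})[field] = text
    return table

if __name__ == "__main__":
    for idx, row in sorted(interfaces(parse_walk(SAMPLE)).items()):
        print(idx, row.get("mac", ""), row.get("descr", ""))
```

Run against a full saved walk, the result is a readable per-interface inventory to compare with what the host is meant to expose over SNMP.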