Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

HP LaserJet Printer SNMP Enumeration

🗓️ 31 Aug 2024 00:00:00Reported by Matteo Cantoni, metasploit.comType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 159 Views

HP LaserJet Printer SNMP Enumeration module for file enumeration, filename, client, timestamp, and username retrieval. Uses default community "public".

Code
`##  
# This module requires Metasploit: https://metasploit.com/download  
# Current source: https://github.com/rapid7/metasploit-framework  
##  
  
class MetasploitModule < Msf::Auxiliary  
include Msf::Exploit::Remote::SNMPClient  
include Msf::Auxiliary::Report  
include Msf::Auxiliary::Scanner  
  
def initialize(info = {})  
super(update_info(info,  
'Name' => 'HP LaserJet Printer SNMP Enumeration',  
'Description' => %q{  
This module allows enumeration of files previously printed.  
It provides details as filename, client, timestamp and username information.  
The default community used is "public".  
},  
'References' =>  
[  
[ 'URL', 'https://en.wikipedia.org/wiki/Simple_Network_Management_Protocol' ],  
[ 'URL', 'https://net-snmp.sourceforge.io/docs/man/snmpwalk.html' ],  
[ 'URL', 'http://www.nothink.org/codes/snmpcheck/index.php' ],  
[ 'URL', 'http://www.securiteam.com/securitynews/5AP0S2KGVS.html' ],  
[ 'URL', 'http://stuff.mit.edu/afs/athena/dept/cron/tools/share/mibs/290923.mib' ],  
],  
'Author' => 'Matteo Cantoni <goony[at]nothink.org>',  
'License' => MSF_LICENSE  
))  
end  
  
def run_host(ip)  
begin  
snmp = connect_snmp  
  
vprint_status("Connecting to #{ip}")  
  
output_data = []  
  
output_data << "IP address : #{ip}"  
  
sysName = snmp.get_value('1.3.6.1.2.1.1.5.0').to_s  
output_data << "Hostname : #{sysName.strip}"  
  
sysDesc = snmp.get_value('1.3.6.1.2.1.1.1.0').to_s  
sysDesc.gsub!(/^\s+|\s+$|\n+|\r+/, ' ')  
output_data << "Description : #{sysDesc.strip}"  
  
sysContact = snmp.get_value('1.3.6.1.2.1.1.4.0').to_s  
output_data << "Contact : #{sysContact.strip}" if not sysContact.empty?  
  
sysLocation = snmp.get_value('1.3.6.1.2.1.1.6.0').to_s  
output_data << "Location : #{sysLocation.strip}" if not sysLocation.empty?  
  
output_data << ""  
  
snmp.walk([  
"1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.1", # job-info-name1 - document name1  
"1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.2", # job-info-name2 - document name2  
"1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.1", # job-info-attr-1 - username  
"1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.2", # job-info-attr-2 - machine name  
"1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.3", # job-info-attr-3 - domain (?)  
"1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.4", # job-info-attr-4 - timestamp  
"1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.6", # job-info-attr-6 - application name  
"1.3.6.1.4.1.11.2.3.9.4.2.1.1.6.5.23.7", # job-info-attr-7 - application command  
]) do |name1,name2,username,client,domain,timestamp,app_name,app_command|  
  
filename = name1.value.to_s + name2.value.to_s  
  
if (username.value.to_s !~ /noSuchInstance/)  
if username.value.to_s =~ /^JobAcct(\d+)=(.*)/  
username = $2  
end  
else  
username = ''  
end  
  
if (client.value.to_s !~ /noSuchInstance/)  
if client.value.to_s =~ /^JobAcct(\d+)=(.*)/  
client = $2  
end  
else  
client = ''  
end  
  
if (domain.value.to_s !~ /noSuchInstance/)  
if domain.value.to_s =~ /^JobAcct(\d+)=(.*)/  
domain = $2  
end  
else  
domain = ''  
end  
  
if (timestamp.value.to_s !~ /noSuchInstance/)  
if timestamp.value.to_s =~ /^JobAcct(\d+)=(.*)/  
timestamp = $2  
end  
else  
timestamp = ''  
end  
  
if (app_name.value.to_s !~ /noSuchInstance/)  
if app_name.value.to_s =~ /^JobAcct(\d+)=(.*)/  
app_name = $2  
end  
else  
app_name = ''  
end  
  
if (app_command.value.to_s !~ /noSuchInstance/)  
if app_command.value.to_s =~ /^JobAcct(\d+)=(.*)/  
app_command = $2  
end  
else  
app_command = ''  
end  
  
if not timestamp.empty?  
output_data << "File name : #{filename}"  
output_data << "Username : #{username}" if not username.empty?  
output_data << "Client : #{client}" if not client.empty?  
output_data << "Domain : #{domain}" if not domain.empty?  
output_data << "Timestamp : #{timestamp}" if not timestamp.empty?  
output_data << "Application : #{app_name} (#{app_command})" if not app_name.empty?  
output_data << ""  
end  
end  
  
output_data.each do |row|  
print_good("#{row}")  
end  
  
disconnect_snmp  
  
rescue SNMP::RequestTimeout  
print_error("#{ip}, SNMP request timeout.")  
rescue Errno::ECONNREFUSED  
print_error("#{ip}, Connection refused.")  
rescue SNMP::InvalidIpAddress  
print_error("#{ip}, Invalid IP Address. Check it with 'snmpwalk tool'.")  
rescue ::Interrupt  
raise $!  
rescue ::Exception => e  
print_error("#{ip}, Unknown error: #{e.class} #{e}")  
end  
end  
end  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
31 Aug 2024 00:00Current
7.4High risk
Vulners AI Score7.4
metasploitsnmp enumerationprinterfile enumerationtimestampusernameclientcommunitysecurityinformation
159