Metasploit Unleashed: Figuring out why snmp_enum doesn't work
In an effort to retain the what I learned in the Adaptive Pen Test class I took this year at Black Hat I'm going through the Metasploit Unleashed online course. I hit a snag on the first 'hands-on' lab (snmp_enum) which caused me to take a couple hour detour into snmp troubleshooting-land. It was pretty annoying so I'm posting my solution here in the hope that it will be useful to others.
This is the error I was seeing in Metasploit: Unknown error: Errno::ECONNREFUSED Connection refused
References
- Metasploid Unleashed (snmp_enum) [offensive-security.com]
- SNMPD not binding correctly [serverfault.com]
- Metasploitable 2 [sourceforge.net]
Symptoms
Metasploit console (MSFConsole) displays this message:
Unknown error: Errno::ECONNREFUSED Connection refused - recvfrom(2)
Running netstat -an on the metasploitable VM shows that UDP port 161 (snmp default port) is bound to 127.0.0.1, making it inaccessible outside localhost:
(Look at the 7th line from the bottom to see this)
Solution
The solution to fixing the metasploitable 2 VM is to adjust the default so it doesn't use 127.0.0.1. I had a hard time parsing the snmpd man pages and found the documentation to be geared towards someone who knows more about snmp than I do. Eventually I stumbled on a serverfault page which had the answer: /etc/default/snmpd was overwriting my snmpd configuration values!
Here are the steps I took to fix the problem:
- Login to the metasploitable virtual machine (msfadmin/masfadmin are the credentials)
- sudo nano /etc/default/snmpd
- Find the line that starts with SNMPDOPTS= and remove 127.0.0.1 from the end of the line
- /etc/init.d/snmpd restart
Now I am able to use the snmp_enum auxiliary module from within metasploit's MSFConsole against the metasploitable virtual machine
For reference, here is what my /etc/default/snmpd file looks like after I fixed the default issue:
