Metasploit Unleashed: Figuring out why snmp_enum doesn't work


In an effort to retain the what I learned in the Adaptive Pen Test class I took this year at Black Hat I'm going through the Metasploit Unleashed online course. I hit a snag on the first 'hands-on' lab (snmp_enum) which caused me to take a couple hour detour into snmp troubleshooting-land. It was pretty annoying so I'm posting my solution here in the hope that it will be useful to others.

This is the error I was seeing in Metasploit: Unknown error: Errno::ECONNREFUSED Connection refused

References

 

Symptoms

Metasploit console (MSFConsole) displays this message:

Unknown error: Errno::ECONNREFUSED Connection refused - recvfrom(2)

metsaploiterror.png

 

Running netstat -an on the metasploitable VM shows that UDP port 161 (snmp default port) is bound to 127.0.0.1, making it inaccessible outside localhost:metasploitable-snmplistenerissue.png

(Look at the 7th line from the bottom to see this)

 

Solution

The solution to fixing the metasploitable 2 VM is to adjust the default so it doesn't use 127.0.0.1. I had a hard time parsing the snmpd man pages and found the documentation to be geared towards someone who knows more about snmp than I do. Eventually I stumbled on a serverfault page which had the answer: /etc/default/snmpd was overwriting my snmpd configuration values!

Here are the steps I took to fix the problem:

  • Login to the metasploitable virtual machine (msfadmin/masfadmin are the credentials)
  • sudo nano /etc/default/snmpd
  • Find the line that starts with SNMPDOPTS= and remove 127.0.0.1 from the end of the line
  • /etc/init.d/snmpd restart

Now I am able to use the snmp_enum auxiliary module from within metasploit's MSFConsole against the  metasploitable virtual machine

 

For reference, here is what my /etc/default/snmpd file looks like after I fixed the default issue:

metasploitable-corrected-snmp.png