snmpenum.pl Not Working on Kali Linux

Recently I was asked by someone to help figure out why snmpenum.pl was not working on Kali Linux.  Though the solution was simple, it took more time than it should have to get there.

Note: snmpenum.pl can be downloaded directly using the following link – http://dl.packetstormsecurity.net/UNIX/scanners/snmpenum.zip

snmpenum.pl is a tool to enumerate SNMP information on any host with an open SNMP port (usually UDP 161).  For it to work, you need to specify, in order, the IP of the host you want to enumerate, the community string to use, and the name or full path to a tab delimited file containing the following information:

<Type of host, ex: Cisco>   <Name of Enumeration Item>   <MIB.in.dotted.decimal.notation>

Here are the contents of the example file for Linux hosts that comes with snmpenum.pl:

Linux   RUNNING PROCESSES       1.3.6.1.2.1.25.4.2.1.2
Linux   SYSTEM INFO             1.3.6.1.2.1.1.1
Linux   HOSTNAME                1.3.6.1.2.1.1.5
Linux   UPTIME                  1.3.6.1.2.1.1.3
Linux   MOUNTPOINTS             1.3.6.1.2.1.25.2.3.1.3
Linux   RUNNING SOFTWARE PATHS  1.3.6.1.2.1.25.4.2.1.4
Linux   LISTENING UDP PORTS     1.3.6.1.2.1.7.5.1.2.0.0.0.0
Linux   LISTENING TCP PORTS     1.3.6.1.2.1.6.13.1.3.0.0.0.0

Now the specific error we were getting was as follows:

root@kali:~/tmp# perl snmpenum.pl 192.168.1.1 public linux.txt 


----------------------------------------
    UPTIME
----------------------------------------

" is expected in dotted decimal notation..1.2.1.1.3

For some reason or another it was not liking the MIB, stating it was not in dotted decimal notation.  After (too much) troubleshooting and investigating both the snmpenum.pl code as well as the linux.txt file, I realized that the linux.txt file was in Windows/DOS format, containing CRLF (carriage return, line feed) line terminators.

root@kali:~/tmp# file linux.txt 
linux.txt: ASCII text, with CRLF line terminators

CRLF line termination characters cause issues when used on Linux (http://en.wikipedia.org/wiki/Newline).  Linux only uses LF to signify a new line, so it treats the CR character as an actual character in the file, and in this case, causes a character to be added to the end of the MIB, in turn making the MIB not in dotted decimal notation.

The quick fix was to use the dos2unix tool on the file to remove the Windows line termination characters and replace them with *nix line termination characters.  After this, we were able to run snmpenum.pl without any issues.

# If the tool is not already installed:
apt-get update && apt-get install dos2unix

# Then run
root@kali:~/tmp# dos2unix linux.txt 
dos2unix: converting file linux.txt to Unix format ...

root@kali:~/tmp# file linux.txt 
linux.txt: ASCII text

 

Fixing php-fcgi (php5-fastcgi) Init Script

A long time ago when I setup my self-hosted WordPress blog (what you’re reading on now), I had to install PHP onto my system.  I believe I followed some guide for configuring a php-fcgi Init script (used to run and manage the program as a service).  I can not remember the exact details of what happened during that time, but I realized recently that even though the service starts, if I run the command ‘service php-fcgi status’, it will show up as having failed to start.

After some tweaking and editing, I now have the Init script running properly.  Below are the details as to what I had to change to get this to work.  If you installed php-fcgi and need an Init script for it, then you can use the final version below (this is verified to work on openSUSE 12.3).

Originally the PHP_CGI_ARGS variable was:

PHP_CGI_ARGS=”- USER=$USER PATH=/usr/bin PHP_FCGI_CHILDREN=$PHP_FCGI_CHILDREN PHP_FCGI_MAX_REQUESTS=$PHP_FCGI_MAX_REQUESTS $PHP_CGI -b $BIND”

…and the actual line to start the process in the start() function was

/sbin/startproc -u “$USER”  /usr/bin/env — “$PHP_CGI_ARGS”

What I believe the issue was, is that /sbin/startproc was essentially trying to daemonize the /usr/bin/env process instead of /usr/bin/php-cgi.  As you can see by the final version of the Init file below, I changed the PHP_CGI_ARGS variable to:

PHP_CGI_ARGS=”- USER=$USER PATH=/usr/bin PHP_FCGI_CHILDREN=$PHP_FCGI_CHILDREN PHP_FCGI_MAX_REQUESTS=$PHP_FCGI_MAX_REQUESTS”

…and the line in the start() function to:

/usr/bin/env — $PHP_CGI_ARGS /sbin/startproc -u $USER $PHP_CGI -b $BIND

This way /usr/bin/env, whose purpose in this script is to run a command with a modified environment, will run /sbin/startproc who in turn will daemonize the /usr/bin/php-cgi process (what we wanted to run as a service, a.k.a. daemon, in the first place).

Final version of ‘/etc/init.d/php-fcgi’:

#!/bin/bash
### BEGIN INIT INFO
# Provides:          php-fcgi
# Required-Start:    $network
# Should-Start:      nginx lighttpd httpd
# Required-Stop:     $network
# Should-Stop:       nginx lighttpd httpd
# Default-Start:     3 4 5
# Default-Stop:      0 1 2 6
# Short-Description: starts php over fcgi
# Description:       starts php over fcgi
### END INIT INFO

(( EUID )) && echo .You need to have root priviliges.. && exit 1
BIND=127.0.0.1:9000
USER=wwwrun
PHP_FCGI_CHILDREN=2
PHP_FCGI_MAX_REQUESTS=1000

PHP_CGI=/usr/bin/php-cgi
PHP_CGI_NAME=`basename $PHP_CGI`
PHP_CGI_ARGS="- USER=$USER PATH=/usr/bin PHP_FCGI_CHILDREN=$PHP_FCGI_CHILDREN PHP_FCGI_MAX_REQUESTS=$PHP_FCGI_MAX_REQUESTS"
RETVAL=0

start() {
      echo -n "Starting PHP FastCGI: "
      /usr/bin/env -- $PHP_CGI_ARGS /sbin/startproc -u $USER $PHP_CGI -b $BIND
      RETVAL=$?
      echo "$PHP_CGI_NAME."
}
stop() {
      echo -n "Stopping PHP FastCGI: "
      killall -q -w -u $USER $PHP_CGI
      RETVAL=$?
      echo "$PHP_CGI_NAME."
}

case "$1" in
    start)
      start
  ;;
    stop)
      stop
  ;;
    restart)
      stop
      start
  ;;
    *)
      echo "Usage: php-fastcgi {start|stop|restart}"
      exit 1
  ;;
esac
exit $RETVAL

After changing your script, if on a current openSUSE system, you will have to run the following command before using the normal service command to start, stop, or restart the php-fcgi service.:

# systemctl daemon-reload