metasploit-gs/documentation/modules/auxiliary/admin/juniper/juniper_config.md

## General Notes

This module imports a Juniper configuration file into the database.
This is similar to `post/juniper/gather/enum_juniper` only access isn't required,
and assumes you already have the file.

Example files for import can be found on git, like [this (junos)](https://raw.githubusercontent.com/h00die/MSF-Testing-Scripts/master/juniper_ex2200.config)
or [this (screenos)](https://raw.githubusercontent.com/h00die/MSF-Testing-Scripts/master/juniper_ssg5_screenos.conf).

## Verification Steps

1. Have a Juniper configuration file
2. Start `msfconsole`
3. `use auxiliary/admin/juniper/juniper_config`
4. `set RHOST x.x.x.x`
5. `set CONFIG /tmp/file.config`
6. `set action junos`
7. `run`

## Options

  **RHOST**

  Needed for setting services and items to.  This is relatively arbitrary.

  **CONFIG**

  File path to the configuration file.

  **Action**

  `JUNOS` for JunOS config file, and `SCREENOS` for ScreenOS config file.

## Scenarios

### JunOS

```
root@metasploit-dev:~/metasploit-framework# wget -o /dev/null -O /tmp/juniper_ex2200.config https://raw.githubusercontent.com/h00die/MSF-Testing-Scripts/master/juniper_ex2200.config
root@metasploit-dev:~/metasploit-framework# ./msfconsole 

[*] Starting persistent handler(s)...
msf5 > use auxiliary/admin/juniper/gather/juniper_config
msf5 auxiliary(admin/juniper/gather/juniper_config) > set config /tmp/juniper_ex2200.config
config => /tmp/juniper_ex2200.config
msf5 auxiliary(admin/juniper/gather/juniper_config) > set rhost 127.0.0.1
rhost => 127.0.0.1
msf5 auxiliary(admin/juniper/gather/juniper_config) > run
[*] Running module against 127.0.0.1

[*] Importing config
[+] root password hash: $1$pz9b1.fq$foo5r85Ql8mXdoRUe0C1E.
[+] User 2000 named newuser in group super-user found with password hash $1$rm8FaMFY$k4LFxqsVAiGO5tKqyO9jJ/.
[+] User 2002 named newuser2 in group operator found with password hash $1$aDZi44AP$bQGGjqPJ.F.Cm5QvX2yaa0.
[+] User 2003 named newuser3 in group read-only found with password hash $1$1.YvKzUY$dcAj99KngGhFZTpxGjA93..
[+] User 2004 named newuser4 in group unauthorized found with password hash $1$bdWYaqOE$z6oTSJS3p1R8CoNaos9Ce/.
[+] SNMP community read with permissions read-only
[+] SNMP community public with permissions read-only
[+] SNMP community private with permissions read-write
[+] SNMP community secretsauce with permissions read-write
[+] SNMP community hello there with permissions read-write
[+] radius server 1.1.1.1 password hash: $9$Y-4GikqfF39JGCu1Ileq.PQ6AB1hrlMBIyKvWdV
[+] PPTP username 'pap_username' hash $9$he4revM87-dsevm5TQCAp0BErvLxd4JDNdkPfT/9BIR via PAP
[+] Config import successful
[*] Auxiliary module execution completed
```

### ScreenOS

```
root@metasploit-dev:~/metasploit-framework# wget -o /dev/null -O /tmp/screenos.conf https://raw.githubusercontent.com/h00die/MSF-Testing-Scripts/master/juniper_ssg5_screenos.conf
root@metasploit-dev:~/metasploit-framework# ./msfconsole 

[*] Starting persistent handler(s)...
msf5 > use auxiliary/admin/juniper/gather/juniper_config
msf5 auxiliary(admin/juniper/gather/juniper_config) > set config /tmp/screenos.conf
config => /tmp/screenos.conf
msf5 auxiliary(admin/juniper/gather/juniper_config) > set rhost 127.0.0.1
rhost => 127.0.0.1
msf5 auxiliary(admin/juniper/gather/juniper_config) > set action SCREENOS
action => SCREENOS
msf5 auxiliary(admin/juniper/gather/juniper_config) > run
[*] Running module against 127.0.0.1

[*] Importing config
[+] Admin user netscreen found with password hash nKVUM2rwMUzPcrkG5sWIHdCtqkAibn
[+] User 1 named testuser found with password hash auth. Enable permission: 02b0jt2gZGipCiIEgl4eainqZIKzjSNQYLIwE=
[+] Config import successful
[*] Auxiliary module execution completed
```