SNMP Enumeration

What is SNMP and what does it do?

SNMP was designed to manage IP-enabled devices across a network

  • SNMP consists of

    • A manager

    • Agents

How does SNMP work?

It works by having a central management system that makes requests of the SNMP agents on the devices

The agents then respond to the requests by going through the Management Information Base (MIB)

  • The MIB holds information, and is arranged with numeric identifiers called object identifiers (OIDs)

There are two types of SNMP packets or requests

  • SNMP GET - when the SNMP management station asks a device for information

  • SNMP SET - when the SNMP management station asks to make a configuration change

There are two types of managed objects in SNMP

  • Scalar - defines a single object

  • Tabular - multiple related objects that can be grouped together in MIB tables

SNMP uses a community string as a form of password

  • The read-only community string is "public" by default and allows the requester to read anything that SNMP can grab from the device

  • The read-write community string is "private" by default and is used to control access for SNMP SET requests.

There are two major downsides in the use of these community string passwords

  • Defaults (which are active on all SNMP-enabled devices by default) are extremely easy to guess

  • These strings are sent in clear text (SNMPv3 provides encryption)
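
To see what clear-text community strings mean on the wire, the following added example (not part of the original notes) decodes the header of a captured SNMPv1/v2c message and flags the default community strings. The sample packets are constructed, and the custom community string and the sysContact.0 target are assumptions chosen for illustration.

```python
DEFAULT_COMMUNITIES = {"public", "private"}  # the defaults named in the notes
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest",
             0xA2: "GetResponse", 0xA3: "SetRequest"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(packet):
    """Report version, community string and PDU type of one UDP payload."""
    tag, body, _ = read_tlv(packet, 0)
    vtag, ver, pos = read_tlv(body, 0)
    ctag, community, pos = read_tlv(body, pos)
    if (tag, vtag, ctag) != (0x30, 0x02, 0x04) or ver not in (b"\x00", b"\x01"):
        raise ValueError("not SNMPv1/v2c (SNMPv3 carries no community string)")
    pdu_tag, _, _ = read_tlv(body, pos)
    name = community.decode("latin-1")  # readable as-is: nothing encrypts it
    return {"version": "v1" if ver == b"\x00" else "v2c", "community": name,
            "pdu": PDU_TYPES.get(pdu_tag, hex(pdu_tag)),
            "default_community": name in DEFAULT_COMMUNITIES}

def tlv(tag, body):  # minimal encoder, only used to build the samples below
    return bytes([tag, len(body)]) + body

def sample(community, pdu_tag, value):
    """Constructed SNMPv1 message touching sysContact.0 (1.3.6.1.2.1.1.4.0)."""
    oid = tlv(0x06, bytes.fromhex("2b06010201010400"))
    varbinds = tlv(0x30, tlv(0x30, oid + value))
    pdu = tlv(pdu_tag, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") * 2 + varbinds)
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community) + pdu)

GET_PUBLIC = sample(b"public", 0xA0, tlv(0x05, b""))       # read with default
SET_PRIVATE = sample(b"private", 0xA3, tlv(0x04, b"noc"))  # write with default
GET_CUSTOM = sample(b"k3-Lab-ro", 0xA0, tlv(0x05, b""))    # hypothetical custom string

if __name__ == "__main__":
    print(*map(inspect_snmp, (GET_PUBLIC, SET_PRIVATE, GET_CUSTOM)), sep="\n")
```

Run against payloads taken from a packet capture on UDP port 161, the same function shows which management stations still use the default strings and which of them issue SET requests.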

SNMP Enumeration tools

  • Engineer's Toolset

  • SNMP Scanner

  • OpUtils 5

  • SNScan
