Quick Tutorial: SNMP Enumeration

The Simple Network Management Protocol (SNMP) is the protocol to manage network devices such as printers, switches, routers, hubs, etc.

It uses UDP protocol to operate its functionality. If SNMP devices are not configured securely, attackers may read and change the configurations.

This tutorial covers SNMP enumeration methods and tools that can be used while performing penetration testing.

What is SNMP?

SNMP protocol uses two passwords for authentication: a public key (to view configuration settings) and a private key (to configure network devices).

Hackers and Security Professionals try to get the following methods by SNMP enumeration:

  • Extract default SNMP passwords
  • Bruteforce passwords

Nmap has a lot of scripts for the enumeration of SNMP. Use snmp-* to search Nmap scripts in the database. Refer to this cheat sheet of Nmap to learn more commands of Nmap.

ls /usr/share/nmap/scripts | grep snmp-*
nmap --script snmp-* <IP>

Prevention

  • Always change passwords periodically
  • Always block access of UDP ports 161
  • The default password should be changed on the first login
  • Use SNMPv3 (more recent and secure) for decrypting passwords
  • Delete or disable SNMP agents on hosts

For SNMP enumeration, Kali Linux comes with pre-installed tools

snmpwalk

Simple tool to get complete information related to SNMP

snmpwalk -c public <IP>

snmp-check

The basic tool to identify information on SNMP devices. It supports the enumeration of hostname, devices, hardware and storage information, contact, description, etc. Below is the basic syntax for the usage of the tool.

snmp-check -t <IP>

Conclusion

This tutorial talks about SNMP enumeration methods and tools that may be used during engagement in penetration testing.

Subscribe us to receive more such articles updates in your email.

If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

10 Blockchain Security Vulnerabilities OWASP API Top 10 - 2023 7 Facts You Should Know About WormGPT OWASP Top 10 for Large Language Models (LLMs) Applications Top 10 Blockchain Security Issues