Quick Tutorial: SNMP Enumeration

The Simple Network Management Protocol (SNMP) is the protocol to manage network devices such as printers, switches, routers, hubs etc. It uses UDP protocol to operate its functionality. If SNMP devices not configured securely, an attacker may read and change the configurations. This tutorial covers SNMP enumeration methods and tools that can be used while performing penetration testing.

SNMP protocol uses two passwords for authentication: a public key (to view configuration settings) and a private key (to configure network devices).

Hacker try to get following methods by SNMP enumeration:

  • Extract default SNMP passwords
  • Bruteforce passwords

Nmap has a lot of scripts for the enumeration of SNMP. Use snmp-* to search Nmap scripts in the database. Refer to this cheatsheet of Nmap to know more commands of Nmap.

ls /usr/share/nmap/scripts | grep snmp-*
nmap --script snmp-* <IP>

Prevention

  • Always change passwords periodically
  • Always block access of UDP ports 161
  • The default password should be changed on the first login
  • Use SNMPv3 (more recent and secure) for decrypting passwords
  • Delete or disable SNMP agents on hosts

For SNMP enumeration, Kali Linux come with pre-installed tools:

snmpwalk

Simple tool to get complete information related to SNMP

snmpwalk -c public <IP>

snmp-check

Basic tool to identify information of SNMP devices. It supports enumeration of hostname, devices, hardware and storage information, contact, description etc. Below is the basic syntax for usage of tool.

snmp-check -t <IP>

Conclusion

This tutorial talks about SNMP enumeration methods and tools that may be used while engagement in penetration testing.

Subscribe us to receive more such articles updates in your email.

If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.

You may also like...

Leave a Reply

Your email address will not be published.