4.3 SNMP Enumeration

SNMP (Simple Network Management Protocol) Enumeration

  • SNMP enumeration is a process of enumerating user accounts and devices on a target system using SNMP.
  • SNMP consists of a manager and an agent; agents are embedded on every network device, and the manager is installed on a separate computer.
  • SNMP holds two passwords to access and configure the SNMP agent from the management station:
    • Read community string: It is public by default; allows viewing of device/system configuration.
    • Read/write community string: It is private by default; allows remote editing of configuration.
  • Attackers use these default community strings to extract information about a device.
  • Attackers enumerate SNMP to extract information about network resources such as hosts, routers, devices, shares, etc. and network information such as ARP tables, routing tables, traffic, etc.
  • Network management protocol
  • snmpwalk: snmpwalk -v 1 -c public 192.168.99.144
  • snmpcheck: snmpcheck -t 192.168.99.144

Working of SNMP

Management Information Base (MIB)

  • MIB is a virtual database containing a formal description of all the network objects that can be managed using SNMP.
  • The MIB database is hierarchical and each managed object in a MIB is addressed through Object Identifiers (OIDs).
  • Two types of managed objects exist:
    • Scalar objects that define a single object instance.
    • Tabular objects that define multiple related object instances, grouped in MIB tables.
  • The OID includes the type of MIB object such as counter, string, or address, access level such as not-accessible, accessible-for-notify, read-only or read-write, size restrictions, and range information.
  • SNMP uses the MIB's hierarchical namespace containing Object Identifiers (OIDs) to translate the OID numbers into a human-readable display.
  • Network management database
  • User ID: SID (important; must not be discoverable) + RID (sequential number, starting from 1000)
    • Computer
    • Domain

SNMP Enumeration Tools:

  • OpUtils: OpUtils with its integrated set of tools helps network engineers to monitor, diagnose, and troubleshoot their IT resources.
  • Engineer's Toolset:
    • Engineer's Toolset performs network discovery on a single subnet or a range of subnets using ICMP and SNMP.
    • It scans a single IP, IP address range, or subnet and displays network devices discovered in real time.
