4.3 SNMP Enumeration
SNMP (Simple Network Management Protocol) Enumeration
- SNMP enumeration is a process of enumerating user accounts and devices on a target system using SNMP.
- SNMP consists of a manager and an agent; agents are embedded on every network device, and the manager is installed on a separate computer.
- SNMP holds two passwords to access and configure the SNMP agent from the management station:
  - Read community string: It is public by default; allows viewing of device/system configuration.
  - Read/write community string: It is private by default; allows remote editing of configuration.
- Attackers use these default community strings to extract information about a device.
- Attackers enumerate SNMP to extract information about network resources such as hosts, routers, devices, shares, etc., and network information such as ARP tables, routing tables, traffic, etc.
- Network management protocol
- snmpwalk:
  snmpwalk -v 1 -c public 192.168.99.144
- snmpcheck:
  snmpcheck -t 192.168.99.144
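
An added example, not part of the original notes: a defender-side check that flags the default community strings described above in an agent's configuration. It assumes a net-snmp style snmpd.conf; the sample file contents and the function name audit_snmpd_conf are constructed for illustration.

```python
import shlex

# Constructed sample, not taken from a real device.
SAMPLE = """\
# snmpd.conf (constructed)
rocommunity public
rwcommunity private 192.168.99.0/24
rocommunity "n0t-Default-ro" 192.168.99.10
com2sec notConfigUser default public
syslocation Lab
"""

DEFAULT_COMMUNITIES = {"public", "private"}   # the defaults named in the notes
OPEN_SOURCES = {"", "default", "0.0.0.0/0", "::/0"}  # agent answers any host
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

def audit_snmpd_conf(text):
    """Return (line_no, level, directive, issues) for risky community lines."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)   # drops '#' comments, honours quotes
        if not tok:
            continue
        directive, args = tok[0].lower(), tok[1:]
        if directive in COMMUNITY_DIRECTIVES and args:
            # rocommunity COMMUNITY [SOURCE [OID]]
            community, source = args[0], (args[1] if len(args) > 1 else "")
            writable = directive.startswith("rw")
        elif directive == "com2sec":
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            if args[:1] == ["-Cn"]:
                args = args[2:]
            if len(args) < 3:
                continue
            source, community = args[1], args[2]
            writable = False   # write access is granted elsewhere (access/view lines)
        else:
            continue
        issues = []
        if community.lower() in DEFAULT_COMMUNITIES:   # case variants are as guessable
            issues.append("default community string")
        if source.lower() in OPEN_SOURCES:
            issues.append("no source restriction")
        if issues:
            findings.append((no, "HIGH" if writable else "MEDIUM", directive, issues))
    return findings

if __name__ == "__main__":
    for finding in audit_snmpd_conf(SAMPLE):
        print(finding)
```

A writable default community is rated HIGH because, as noted above, the read/write string allows remote editing of configuration.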
Working of SNMP
- MIB is a virtual database containing a formal description of all the network objects that can be managed using SNMP.
- The MIB database is hierarchical and each managed object in a MIB is addressed through Object Identifiers (OIDs).
- Two types of managed objects exist:
  - Scalar objects, which define a single object instance.
  - Tabular objects, which define multiple related object instances that are grouped in MIB tables.
- The OID includes the type of MIB object such as counter, string, or address, access level such as not-accessible, accessible-for-notify, read-only or read-write, size restrictions, and range information.
- SNMP uses the MIB's hierarchical namespace containing Object Identifiers (OIDs) to translate the OID numbers into a human-readable display.
- Network management database
- User ID: SID (important; must not be discoverable) + RID (sequential number, starting from 1000)
- OpUtils: OpUtils with its integrated set of tools helps network engineers to monitor, diagnose, and troubleshoot their IT resources.
- Engineer's Toolset:
  - Engineer's Toolset performs network discovery on a single subnet or a range of subnets using ICMP and SNMP.
  - It scans a single IP, IP address range, or subnet and displays network devices discovered in real time.