|
@@ -0,0 +1,102 @@
|
|
|
+---
|
|
|
+title: SNMP Enumeration
|
|
|
+categories: [cheatsheets]
|
|
|
+tags: [pentesting]
|
|
|
+---
|
|
|
+
|
|
|
+# SNMP Enumeration
|
|
|
+
|
|
|
+## What is SNMP?
|
|
|
+
|
|
|
+* SNMP: Network Management Protocol
|
|
|
+* Transport: UDP
|
|
|
+* Port: 161
|
|
|
+
|
|
|
+
|
|
|
+Used for managing network devices like computers, printers, switches via UDP/IP.
|
|
|
+
|
|
|
+SNMP has three major components:
|
|
|
+
|
|
|
+1) **Managed Device:**
|
|
|
+ Device/Host (Node) with an enabled SNMP service. Can be Computers, Switches, Printers, Routers
|
|
|
+
|
|
|
+2) **Agent:**
|
|
|
+ Software that runs on a managed device. Converts information of the Node into a SNMP compatible format.
|
|
|
+
|
|
|
+4) **Network Management System (NMS):**
|
|
|
+ Software System that is used for monitoring the network devices.
|
|
|
+
|
|
|
+An agent can be queried for different information via SNMP. The agent provides a read-/writeable database, the so called management information base (MiB).
|
|
|
+This DB is hierarcically organized and contains objects (recognized by object identifier, OIDs).
|
|
|
+
|
|
|
+For authentication purpose, a so called community string is used. In early versions of SNMP the community string is send in plaintext over the network.
|
|
|
+
|
|
|
+Default community string: public
|
|
|
+
|
|
|
+
|
|
|
+## Enumeration
|
|
|
+
|
|
|
+### Tools
|
|
|
+
|
|
|
+* snmp-check
|
|
|
+* snmpwalk
|
|
|
+* onesixtyone
|
|
|
+
|
|
|
+
|
|
|
+### Multiple Information can be queried
|
|
|
+
|
|
|
+* snmp-check + sample output
|
|
|
+* Things that can be queried
|
|
|
+ * System information
|
|
|
+ * Network interfaces
|
|
|
+ * Network IP
|
|
|
+ * Routing information
|
|
|
+ * TCP connections and listening ports
|
|
|
+ * Network services
|
|
|
+ * Processes
|
|
|
+ * ...
|
|
|
+
|
|
|
+```
|
|
|
+sh> snmp-check <ip>
|
|
|
+
|
|
|
+snmp-check v1.9 - SNMP enumerator
|
|
|
+Copyright (c) 2005-2015 by Matteo Cantoni (www.nothink.org)
|
|
|
+
|
|
|
+[+] Try to connect to 10.11.1.128:161 using SNMPv1 and community 'public'
|
|
|
+
|
|
|
+[*] System information:
|
|
|
+
|
|
|
+ Host IP address : 10.11.1.128
|
|
|
+ Hostname : DJ
|
|
|
+ Description : Hardware: x86 Family 6 Model 15 Stepping 2 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.0 (Build 2195 Uniprocessor Free)
|
|
|
+ Contact : HASH(0xDEADBEF)
|
|
|
+ Location : -
|
|
|
+ Uptime snmp : 5 days, 20:52:20.00
|
|
|
+ Uptime system : 14:04:36.46
|
|
|
+ System date : 2019-9-29 15:44:29.4
|
|
|
+ Domain : WORKGROUP
|
|
|
+
|
|
|
+[*] Network interfaces:
|
|
|
+
|
|
|
+[...]
|
|
|
+
|
|
|
+[*] Network IP:
|
|
|
+
|
|
|
+[...]
|
|
|
+
|
|
|
+[*] Routing information:
|
|
|
+
|
|
|
+[...]
|
|
|
+
|
|
|
+[*] TCP connections and listening ports:
|
|
|
+
|
|
|
+[...]
|
|
|
+
|
|
|
+[*] Network services:
|
|
|
+
|
|
|
+[...]
|
|
|
+
|
|
|
+[*] Processes:
|
|
|
+
|
|
|
+[...]
|
|
|
+```
|
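Review bot: The component list under "SNMP has three major components:" jumps from `2) **Agent:**` to `4) **Network Management System (NMS):**`, so the last item should be renumbered to 3). In the first bullet, `* SNMP: Network Management Protocol` drops the word "Simple" from the expansion. The MIB paragraph has a few spelling slips worth fixing before merge: "hierarcically" should be "hierarchically", "MiB" should be "MIB", "so called" should be "so-called", and "is send in plaintext" should be "is sent in plaintext". That same sentence says "early versions of SNMP" without naming them; stating SNMPv1 and v2c explicitly would match the sample output, which reports `using SNMPv1 and community 'public'`. Under "Multiple Information can be queried", the bullet `* snmp-check + sample output` reads like a leftover outline note rather than content and could become a one-line lead-in to the code block. The Tools section lists snmpwalk and onesixtyone, but only snmp-check gets a usage example, so either add a short invocation for each or note that they are covered elsewhere. Finally, the command line uses the placeholder `<ip>` while the output below it shows 10.11.1.128; pick one so the example is self-consistent.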