SNMP
Simple Network Management Protocol (SNMP): a widely used network monitoring and control protocol.
SNMP is based on UDP and is stateless. Moreover, SNMP versions 1, 2 and 2c have no traffic encryption, which allows attackers to intercept sensitive information.
In addition, the old SNMP versions have weak authentication methods, which are usually configured with the default public and private community strings.
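An added example (not from the original page): a minimal audit of a net-snmp `snmpd.conf` for the weaknesses described here, namely unencrypted v1/v2c communities, default public/private strings, missing source restrictions and write access. The sample configuration is constructed, the severity labels are this example's own, and the `-s SECMODEL` option of `rouser`/`rwuser` is not handled.

```python
DEFAULTS = {"public", "private"}   # default community strings named on this page
COMMUNITY_KEYS = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

# Constructed sample in net-snmp snmpd.conf syntax; not from a real host.
SAMPLE_CONF = """\
rocommunity public
rwcommunity private 10.0.0.0/24
rocommunity m0n1t0r-ro 192.0.2.10   # non-default, source-restricted
com2sec legacyUser default public
rouser auditor priv
rwuser operator auth
"""

def check_community(name, source, writable):
    """Findings for one v1/v2c community mapping."""
    out = [("medium", "v1/v2c community: sent unencrypted on the wire")]
    if name.lower() in DEFAULTS:
        out.append(("high", f"default community string '{name}'"))
    if source in (None, "default"):
        out.append(("medium", "no source address restriction"))
    if writable:
        out.append(("high", "write access: SET requests allowed (extend table risk)"))
    return out

def audit_snmpd_conf(text):
    """Return (line_no, severity, message) findings in line order."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if not tok:
            continue
        key, args = tok[0].lower(), tok[1:]
        found = []
        if key in COMMUNITY_KEYS and args:
            source = args[1] if len(args) > 1 else None
            found = check_community(args[0], source, key.startswith("rw"))
        elif key == "com2sec":
            if args[:1] == ["-Cn"]:             # optional context argument
                args = args[2:]
            if len(args) >= 3:                  # SECNAME SOURCE COMMUNITY
                found = check_community(args[2], args[1], False)
        elif key in ("rouser", "rwuser") and args:
            level = args[1] if len(args) > 1 else "auth"   # net-snmp default level
            if level != "priv":
                found = [("medium", f"SNMPv3 user '{args[0]}' at '{level}': no encryption")]
        findings += [(no, sev, msg) for sev, msg in found]
    return findings

if __name__ == "__main__":
    for no, sev, msg in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {no}: [{sev}] {msg}")
```

A configuration that produces no findings uses only SNMPv3 users at the `priv` level and defines no v1/v2c communities.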
In order to retrieve information about the target, network administrators often rely on Management Information Bases (MIBs), which define the structure of the data that can be queried via SNMP. The Object Identifier (OID) is a key component of MIBs, allowing for the precise identification of specific variables and objects within the network.
Windows System Overview and Key Components OIDs:

| OID | Description |
| --- | --- |
| 1.3.6.1.2.1.25.1.6.0 | System Processes |
| 1.3.6.1.2.1.25.4.2.1.2 | Running Programs |
| 1.3.6.1.2.1.25.4.2.1.4 | Processes Path |
| 1.3.6.1.2.1.25.2.3.1.4 | Storage Units |
| 1.3.6.1.2.1.25.6.3.1.2 | Software Name |
| 1.3.6.1.4.1.77.1.2.25 | User Accounts |
| 1.3.6.1.2.1.6.13.1.3 | TCP Local Ports |
Useful wordlist:
Now, after we have found the SNMP community strings, it is possible to enumerate sensitive information using snmpwalk:
-v: defines the SNMP version.
-c: defines the community string.
Get Extended attributes
Using a private community string with write permissions, it is possible to exploit the extended object table and run arbitrary commands on the target machine.
The repo below leverages this to obtain a reverse shell using a Python script.