SNMP - UDP 161, 162
Simple Network Management Protocol
SNMP works according to the client-server principle and is used for management and monitoring of network devices (routers, switches, printers, IoT devices, etc.). SNMP communication occurs mainly over UDP ports 161 and 162.
MIB: Contains one or more OIDs. Gives information about queryable objects.
OID: Object identifier. Represents an object within the network.
SNMP Versions
Currently, three versions of the SNMP protocol exist. SNMPv3 is the most recent version, but SNMPv2 is still in use in most environments.
SNMPv1
No authentication and no encryption supported
SNMPv2
Version v2c involves the use of a community string that can be compared to a password. The community string is transferred in plain text within the network. No encryption is supported in v2 and v2c.
SNMPv3
Offers encrypted communication and authentication. It is considerably more difficult to implement than the previous SNMP versions.
Misconfigurations
SNMP can be misconfigured by an administrator. For example, if SNMP requires no authentication, anyone could retrieve the full OID tree and gain information about the internal network. An administrator should also restrict SNMP queries to specific origins only.
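The misconfigurations described above can be checked for on the agent side. The following is an added example, not part of the original notes: it assumes a Net-SNMP snmpd.conf, and the sample configuration, community strings and finding labels are constructed for illustration.

```python
# Added example: flag weak SNMPv1/v2c access rules in a Net-SNMP snmpd.conf.
SAMPLE_CONF = """\
# constructed sample, not from a real device
rocommunity public
rocommunity n0c-Mon1tor 10.0.5.20
rwcommunity private default
com2sec readonly 0.0.0.0/0 s3cr3t-ro
rouser monitor priv
"""

DEFAULT_COMMUNITIES = {"public", "private"}      # well-known default strings
ANY_SOURCE = {"default", "0.0.0.0/0", "::/0"}     # no restriction on query origin
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}


def audit_snmpd_conf(text):
    """Return (line_number, issue) tuples for weak community-based access rules."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()    # drop comments, then tokenize
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY_DIRECTIVES and args:
            # rocommunity COMMUNITY [SOURCE ...]; an omitted SOURCE means "default"
            community = args[0]
            source = args[1] if len(args) > 1 else "default"
            writable = directive.startswith("rw")
        elif directive == "com2sec":
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY (write rights set elsewhere)
            if args[:1] == ["-Cn"]:
                args = args[2:]
            if len(args) < 3:
                continue
            source, community, writable = args[1], args[2], False
        else:
            continue                              # e.g. rouser/rwuser are SNMPv3
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((lineno, "default-community"))
        if source in ANY_SOURCE:
            findings.append((lineno, "unrestricted-source"))
        if writable:
            findings.append((lineno, "write-access"))
    return findings


if __name__ == "__main__":
    for lineno, issue in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {lineno}: {issue}")
```

Lines that produce no finding here still use a plain-text community string, so the rule restricted to 10.0.5.20 limits who may query but does not protect the string in transit.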
Footprinting SNMP
The tool snmpwalk can be used to query the OIDs and gain information about the internal network. The community string is needed for version 2c.
The tool onesixtyone can be used to brute force the community string. A wordlist of common community strings can be found in the SecLists repo.
Braa
Once a community string is found, we can use the tool Braa to brute force OIDs.