Monday, 10 April 2017

Hacking SNMP Service Part 1 - The Post Exploitation : Attacking Network - Network Pentesting







SNMP (Simple Network Management Protocol)

Simple Network Management Protocol (SNMP) is a popular protocol for network management. It is used for collecting information from, and configuring, network devices, such as servers, printers, hubs, switches, and routers on an Internet Protocol (IP) network.

Because it is so widely used, SNMP can also be abused by an attacker to compromise services and IT infrastructure, which we will cover later.


Now we will see how to brute-force the community strings of an SNMP service.


But Why Crack SNMP Community Strings?

The SNMP Read-Only Community String is like a user id or password. It is sent along with each SNMP Get-Request and allows (or denies) access to a router's or other device's statistics. If the community string is correct, the device responds with the requested information. If the community string is incorrect, the device simply ignores the request and does not respond.
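Because SNMPv1/v2c carries the community string in cleartext in every request, a defender can decode it from traffic captured on UDP/161 and flag a source that cycles through many different strings. The following is an added example, not part of the original post; the sample packets, the 192.0.2.x addresses and the threshold of 3 are constructed assumptions.

```python
from collections import defaultdict

def read_tlv(buf, pos):
    """Decode one BER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of packet")
    return tag, buf[pos:pos + length], pos + length

def snmp_community(packet):
    """Return (version, community) for an SNMPv1/v2c message, or None if it is not one."""
    try:
        tag, body, _ = read_tlv(packet, 0)          # outer SEQUENCE
        vtag, ver, pos = read_tlv(body, 0)          # INTEGER version
        ctag, community, _ = read_tlv(body, pos)    # OCTET STRING community
    except ValueError:
        return None
    version = int.from_bytes(ver, "big")            # 0 = SNMPv1, 1 = SNMPv2c
    if (tag, vtag, ctag) != (0x30, 0x02, 0x04) or version not in (0, 1):
        return None
    return version, community.decode("latin-1")

def guessing_sources(events, threshold=3):
    """events: (src_ip, udp_payload) sent to UDP/161. Flag sources trying many strings."""
    seen = defaultdict(set)
    for src, payload in events:
        parsed = snmp_community(payload)
        if parsed:
            seen[src].add(parsed[1])
    return {src: sorted(c) for src, c in seen.items() if len(c) >= threshold}

def build_get(community):
    """Constructed test input: SNMPv2c GetRequest for sysDescr.0 with this community."""
    c = community.encode()
    pdu = bytes.fromhex("a019020101020100020100300e300c06082b060102010101000500")
    msg = b"\x02\x01\x01\x04" + bytes([len(c)]) + c + pdu
    return b"\x30" + bytes([len(msg)]) + msg

# Constructed sample: one source guessing, one monitoring station polling normally.
SAMPLE = [("192.0.2.5", build_get(w)) for w in ("public", "private", "cisco", "mike")]
SAMPLE += [("192.0.2.9", build_get("mike"))] * 20
```

Since a device does not answer requests with a wrong community string, requests from a flagged source that never receive a response are a second signal worth correlating.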


What We Can Do With Community Strings

The default community strings are "public" & "private", with "ro" (Read Only) & "rw" (Read & Write) access.
As the names clearly indicate, Read Only means the user can only read the information, while Read & Write means the user can also write/update the information present in SNMP.



What Is MIB in SNMP

The SNMP Management Information Base (MIB) is a database containing information
usually related to network management. The database is organized like a tree, where
branches represent different organizations or network functions. The leaves of the tree
(final endpoints) correspond to specific variable values that can then be accessed, and
probed, by an external user. To read more about the MIB tree, refer to the following




Since SNMP runs over UDP, don't forget to perform a UDP-based scan during a network pentest.

A) Metasploit

For SNMP, use auxiliary/scanner/snmp/snmp_login.


Set the following parameters and hit run, and you can see that Metasploit has succeeded: the SNMP community string is "mike".



Personally, I recommend Metasploit for cracking SNMP community strings, because it takes less time compared to the other tools.

B) Medusa

As Medusa is very fast, it is also very useful for cracking SNMP community strings.

medusa -h 192.168.131.135 -u admin -P Desktop/demo/wordlist -M snmp

Here "-u admin" has no use, but Medusa requires this value, so we supply it to fulfill the requirement.




And yes, Medusa found the valid community string, "mike".

C) onesixtyone

onesixtyone -c password 192.168.131.135

onesixtyone is a tool that also tries to guess/crack SNMP community strings using dictionary-based attempts.

As we can see below, it has identified that "mike" is a valid community string.



In the next post, we will see how we can use SNMP for post-exploitation.







1 comment:

  1. I just couldn't leave your website before telling you that I truly enjoyed the top quality info you present to your visitors? Will be back again frequently to check up on new posts.
