Back to course

Enumerating SNMP

Cyber Security Mastery: From Zero to Hero

Hiding in Management Protocols

SNMP (Simple Network Management Protocol) is used to manage and monitor network devices (routers, switches, servers) remotely. It runs primarily on UDP ports 161 and 162.

The Security Risk

SNMP uses community strings (like passwords) to authenticate access. The default strings (public for read-only, private for read/write) are often left unchanged.

If an attacker gains read-only access using public, they can gather critical system information:

  • Network interfaces and configuration.
  • Installed software and running services.
  • System uptime and physical location details.

Tool: snmp-check (Kali Tool)

This tool is specifically designed to query SNMP agents and enumerate information using community strings.

bash

Checking the target using the default 'public' string

snmp-check 192.168.1.100 -c public