1 Sniff cleartext SNMP communications 2 Pose as an SNMP manager 3 Passively or actively inject XSS data or other improperly formatted strings
msf > search snmp msf > search scanner name:snmp msf > search exploit name:snmp -S great
The Simple Network Management Protocol (SNMP) is a protocol used to monitor and manage network devices. SNMP uses UDP port 161.
There are three basic categories of SNMP exploits:
Sniffing cleartext SNMP communications between managers and agents to obtain the community string or information from the devices. This can include statistics about hardware, interface traffic, services, users, groups, route tables, listening ports, running processes, and much more.
Posing as an SNMP manager, providing the correct community string, and enumerate information from SNMP agents.
Exploiting the implicit trust SNMP managers have with the assets they manage. Most NMSs do not carefully validate the input from their agents. An adversary could passively or actively inject XSS data or other improperly formatted strings from the agent to the NMS. These could result in buffer overflows or arbitrary command injection.