A Pentester's Guide to SNMP: Exploitation, Misconfigurations, and Hardening

Introduction to the Simple Network Management Protocol (SNMP)

The Simple Network Management Protocol (SNMP) is a widely used Internet Standard protocol for managing and monitoring devices on IP networks. While essential for network administration, its often-insecure default configurations and legacy versions present a rich attack surface for penetration testers, bug bounty hunters, and red teamers.

This article provides a comprehensive guide to understanding, enumerating, and exploiting SNMP, covering all protocol versions, common misconfigurations, notable vulnerabilities with public proofs-of-concept (PoCs), and an extensive deep-dive into attacking the more modern SNMPv3.

SNMP Ports and Versions

SNMP primarily operates over the User Datagram Protocol (UDP) on two standard ports:

Port 161/UDP: The default port where SNMP agents listen for incoming requests.

Port 162/UDP: The default port where SNMP managers receive asynchronous traps (notifications) from age...