SNMP Exploiter Research #3198

@mssalvatore

Spike

Objective

We would like to build an exploiter that uses SNMP to achieve lateral movement. The goal of this spike is to understand how SNMP can be abused to execute commands and thus be used for lateral movement.

Resources

https://rioasmara.com/2021/02/05/snmp-arbitary-command-execution-and-shell/
etingof/pysnmp#429

Output

  • A POC script that can be used as the basis for an SNMP exploiter.
  • An SNMP instance in GCP (PR 3198 snmp zoo instance #3237) (0.25d)
  • Add another packer example (0.5d)

Answer:

  • Can this be used on Linux? Yes
  • Can this be used on Windows?
  • How likely is this to be exploitable? Does it depend on an uncommon misconfiguration?
    • Requires SNMP community with write permissions. This may be the default configuration
