Usage snmpenum.pl public windows.txt
SolarWinds Toolset
When it comes to SNMP enumeration, I am not a big fan of the command-line tools found in
BackTrack. What I prefer is the SolarWinds toolset. This toolset was made for network administration
and monitoring purposes; however, hackers and pentesters can use it to their advantage. The
SolarWinds toolset contains many tools that are much simpler than the tools found
in BackTrack. However, it all depends on what you are more comfortable with.
The only problem with the SolarWinds Engineer's Toolset is that it’s not free. It’s very
expensive, but they do offer a 14-day trial version.
Now let’s take a look at some of the SNMP enumeration tools that are found in the SolarWinds
Engineer's Toolset. This is what the SolarWinds control panel looks like.
Ethical Hacking and Penetration Testing Guide
As you can see, it has many tools related to network discovery, monitoring, and SNMP, which a
hacker can use to his advantage.
SNMP Sweep
Under network discovery, you will find a very interesting tool named “SNMP Sweep.” This tool
can be used to gather information about the devices running on your network. More importantly,
when I ran a scan against my LAN, it managed to find the community string of a device
running SNMP.
SNMP Brute Force and Dictionary
Under the “Security” tab, the toolset also has SNMP brute force and SNMP dictionary attack tools to
guess weak passwords. I would not recommend SNMP brute force, since it tries all possible
combinations, which takes a long time. However, an SNMP dictionary tool allows you to specify a
dictionary, which will be used against an SNMP server in order to guess valid credentials.
SNMP Brute Force Tool
This tool is very simple to use. Just enter the host, and it will try to brute-force the passwords
with all possible combinations. The problem with the brute force tool is that it is both time- and
resource-consuming if the password is long. Therefore, it’s not recommended in most cases.
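
The dictionary and brute force sections above turn on two properties of a community string: whether it appears in a wordlist, and how long it is. The following is an added example, not from the book or from SolarWinds, that grades the strings in an agent's own configuration on both counts. It assumes Net-SNMP `snmpd.conf` syntax; the sample configuration, the wordlist, and the 80-bit threshold are constructed for illustration.

```python
import math
import re

# Constructed sample in Net-SNMP snmpd.conf syntax (assumed agent; not from the page).
SAMPLE_CONF = """\
# constructed example configuration
rocommunity public 10.0.0.0/24
rwcommunity private 10.0.0.5
rocommunity Zq7-mV2p_xT9rLw4Kd8s 10.0.0.9
com2sec readonly default cisco
"""

# Constructed stand-in for the wordlist a dictionary tool would be loaded with.
WORDLIST = {"public", "private", "cisco", "admin", "snmp", "community"}

# Directives that carry a community string, mapped to the token that holds it.
# com2sec may take a leading "-Cn CONTEXT", so its community is the last token.
DIRECTIVES = {"rocommunity": 1, "rwcommunity": 1,
              "rocommunity6": 1, "rwcommunity6": 1, "com2sec": -1}

CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 32)]

def keyspace_bits(community):
    """Rough exhaustive-search cost: length * log2(size of alphabet in use)."""
    alphabet = sum(size for pattern, size in CLASSES if re.search(pattern, community))
    return len(community) * math.log2(alphabet) if alphabet else 0.0

def audit(conf_text, wordlist=WORDLIST, min_bits=80):
    """Return (line, directive, community, reason); min_bits is an assumed cutoff."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0].startswith("#") or tokens[0] not in DIRECTIVES:
            continue
        if len(tokens) < 2:
            continue  # directive with no community string; nothing to grade
        community = tokens[DIRECTIVES[tokens[0]]]
        if community.lower() in wordlist:
            findings.append((lineno, tokens[0], community, "dictionary"))
        elif keyspace_bits(community) < min_bits:
            findings.append((lineno, tokens[0], community, "short"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

A "dictionary" finding is a string a wordlist-driven tool recovers almost immediately; a "short" finding is one where trying all combinations stays practical despite the time cost described above.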