Skip to main content

SNMP Basics

SNMP stands for Simple Network Management Protocol.
It was created in 1988. The purpose of its creation was to manage a growing number of network elements in a computer network. Slowly, this protocol started becoming popular and it forms the basis of network management today.

Through snmp one can retrieve information about network devices like routers, printers, hubs or even normal computers. The information that can be retrieved through snmp is endless. Some examples of the type of information that can be retrieved through snmp are :

  • System up time
  • CPU usage level
  • Disk usage level
  • Network settings etc.

Not only information can be retrieved but also these network devices can be configured with new values through snmp. Despite being simple in its design and approach, its the sheer power of this protocol that makes its popular network management protocol today.

SNMP system design

A computer network system that uses SNMP for network management consists of the three fundamental components :
The SNMP manager : It is a software that usually runs on the machine of network administrator or any human manager managing the computer network.
The SNMP agent : It is a software that usually runs on the network node that is to be monitored. This node could be a printer, router etc.
The SNMP MIB : MIB stands for Management information base. This component makes sure that the data exchange between the manager and the agent remains structured.
So we can easily say that the SNMP manager acts as an interface between human network manager and the network node being managed. Similarly, the SNMP agent acts as an interface between the SNMP manager and the network node being monitored.


The definition of SNMP MIB can be a bit cryptic to newbies. So lets understand the concept of SNMP MIBs through a small example here.

Suppose a mobile company server sends a poll question to all the company’s subscribers through SMS. Being that company’s subscriber, you get that message on your phone and you reply to it. Simple enough. Now, assume a situation where in a next poll the same company sends MMS this time. But, this time your phone is not able to comprehend that SMS due to some of its technology limitations (or any other problem). So, in this case you won’t be able to receive and hence reply to the MMS.

So we see that the problem above happened because of lack of some MMS capabilities on your phone. So, in a nutshell your phone was not able to comprehend the incoming message successfully.

One could assume that same is the case with SNMP manager and an SNMP agent. The network protocol used between them is of-course SNMP but there has to be a protocol for composing and comprehending the information being queried. The information being queried could be anything like the disk usage of the network node that has agent running on it. So the crux is that there should be a standard structure in which the the query should be formed by the SNMP manager and the query should be understood by the SNMP agent.

The very basic component of the structure used in case of SNMP is an object. Every information that can be queried through SNMP is looked in terms of an object. For example the a system’s up time is an object known as ‘sysUpTime’. Every object is has an associated ID known as Object ID or OID which is unique for every object. A group of objects form a MIB.

For example, if you take a look at the following images :

You will see that the whole information system in SNMP is in a form of tree where individual information nodes are objects having unique OIDs. For example the unique OID for the object sysUpTime is . . Looking at the figure above, you can easily deduce this OID. The ’0′ at the last of OID signifies that this object is a scalar and not a table.

There is also a textual description of the numeric OID. For example, the textual description of sysUpTime OID (presented above) is

SNMP Messages

SNMP communication between manager and agent takes place in form of messages. Following are the basic messages used for communication :

The messages GET and GET-NEXT are used to fetch the value of a particular MIB object. The message GET-RESPONSE is used mostly by the agent to send the response to a GET or GET-NEXT message. The message SET is used by the manager to set the new value of a particular MIB object at the agent. The message TRAP is used by the agent to send information about some alarming values for some object to the manager so that appropriate action could be taken by the manager.

At the transport layer, the protocol used for SNMP message transportation is UDP. This is because UDP outperforms TCP in lossy networks where congestion is usually very high.
Port No.162:TRAPS


Popular posts from this blog

Animated Cursor Vulnerability

Step1: create two file on attacker side 1) default index.html and 2) cursor file to load

Now save the proof of concept in a txt file(cursor.txt). use above command to cut down the hex part from proof of concept and paste it in buffer.ani
Step2:upload the above two files in your apache webserver. 
Step3: Try to open index.html from window-xp and analyse the behavior of IE using ollydgb in order to find the offset address where EIP will get over written. Attach IE in ollydgb and put malicious url in it.

As we can see now that EIP is overwritten with 42424242 that means this place is our offset.
Now we will put the address of jump instruction in place of 42424242 which we will get from user32.dll by searching for command JUMP DWORD [EBX],now we jumped at ebx because it contain the malicious .ani file address.

Just go into view=>executable=>user32.dll , press enter.

Now try to find a jump [ebx] instruction in user32.dll by pressing ctrl+f.Now note down the address of this instruction.…

Hacking Windows 10 UWP App: DLL Injection & common Vulnerabilities

I recently started working on  widows 10 Apps( Apps not Applications) security. Before diving deep in hacking terms lets try to understand what's new in Windows 10 UWP( Universal Platform) as compared to old Apps. Lets begin with how apps actually work on windows 10(desktop/tablet). Now windows 10 comes with a container only for running apps inside the isolated environment. By default, /APPCONTAINER(Linker Flag) is off. This option modifies an executable to indicate whether the app must be run in the appcontainer process-isolation environment. Specify /APPCONTAINER for an app that must run in the appcontainer environment—for example, a Windows Store app. (The option is set automatically in Visual Studio when you create a Windows Store app from a template.) For a desktop app, specify /APPCONTAINER:NO or just omit the option. The /APPCONTAINER option was introduced in Windows 8.
Now there is no registry entry concept for these app in the System HIVE rather they install they own hiv…

Assignment 01(Enroll TO Offensive-Security Course)

Steps 1:download the page.
2:open fc4.js in your favourite editor and add following lines in it or just replace it with vode given below.
3:then open the download html file in browser and fill the form with your email and a garbage value string.
4:thats it? it will show you the real security string??
yeah but  ...theirs another challenge waiting for you ... :D

function fc4me(srvstr) {

   if(! || !document.pleazfc4me.securitystring.value) {
      alert("Please fill in all the required fields!");
      return false;
   else {
   var t=hexMD5("\x74\x72\x79\x68\x61\x72\x64\x65\x72"+srvstr)

Finally Got In :-)