Sfoffo - Pentesting Notes
SNMP

Introduction

  • Simple Network Management Protocol (SNMP) is a protocol for monitoring devices on the network

  • It can expose a range of information about devices, including logs and credentials

  • By default, SNMP runs on UDP port 161

  • SNMP often requires a "community string" to authenticate


SNMP Enumeration

| Command | Description |
|---|---|
| snmpwalk -v2c -c <community-string> <FQDN/IP> | Querying OIDs using snmpwalk. |
| onesixtyone -c community-strings.list <FQDN/IP> | Bruteforcing community strings of the SNMP service. |
| braa <community-string>@<FQDN/IP>:.1.* | Bruteforcing SNMP service OIDs. |
| snmp-check -c <community-string> <FQDN/IP> | Enumerating the SNMP service. |

SNMP Enumeration using snmpwalk

The following examples are given using the public community string. Replace it with your community string if needed.

  1. List all Windows Users: snmpwalk -v <snmp-version> -c <string> <IP> 1.3.6.1.4.1.77.1.2.25

  2. List all running processes: snmpwalk -v <snmp-version> -c <string> <IP> 1.3.6.1.2.1.25.4.2.1.2

  3. List all installed software: snmpwalk -v <snmp-version> -c <string> <IP> 1.3.6.1.2.1.25.6.3.1.2

  4. List TCP listening ports: snmpwalk -v <snmp-version> -c <string> <IP> 1.3.6.1.2.1.6.13.1.3

  5. Enumerate all info (might be too verbose): snmpwalk -v <snmp-version> -c <community-string> <IP> .1

  6. Get extended objects (might reveal some otherwise hidden info): snmpwalk -v <snmp-version> -c <string> <IP> NET-SNMP-EXTEND-MIB::nsExtendObjects
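
From the defender's side, the queries above succeed when the agent accepts a guessable community string from any source address, and nsExtendObjects returns whatever the agent's extend scripts print. The following added example (not part of the original notes) audits a net-snmp snmpd.conf for those settings; the sample configuration is constructed, and the default-community and open-source lists are assumptions to adjust.

```python
# Added example: audit a net-snmp snmpd.conf for community-string weaknesses.
DEFAULT_COMMUNITIES = {"public", "private"}          # assumed list; extend as needed
OPEN_SOURCES = {"default", "0.0.0.0/0", "::/0"}      # assumed: sources matching any host
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}


def audit_snmpd_conf(text):
    """Return a list of (line_number, code, message) findings."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()        # strip comments, tokenize
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        community = source = None
        if directive in COMMUNITY_DIRECTIVES and args:
            # rocommunity COMMUNITY [SOURCE [OID]]; a missing SOURCE means any host
            community = args[0]
            source = args[1] if len(args) > 1 else "default"
            if directive.startswith("rw"):
                findings.append((no, "write-access", "community grants SNMP SET"))
        elif directive == "com2sec":
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            if args[:1] == ["-Cn"]:
                args = args[2:]
            if len(args) >= 3:
                source, community = args[1], args[2]
        elif directive == "extend":
            findings.append((no, "extend-exposed",
                             "script output is readable under nsExtendObjects"))
        if community is None:
            continue
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((no, "default-community", f"guessable community {community!r}"))
        if source in OPEN_SOURCES:
            findings.append((no, "open-source", "no source address restriction"))
    return findings


# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
rocommunity public
rwcommunity s3cr3t-rw 10.0.0.5
rocommunity6 m0n1tor ::1
com2sec notConfigUser default public
extend backup-status /usr/local/bin/backup_status.sh
rouser monitor authPriv
"""

if __name__ == "__main__":
    for line_no, code, message in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {line_no}: {code}: {message}")
```
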

Last updated 11 months ago
