SNMP

Introduction

  • Simple Network Management Protocol (SNMP) is a protocol for monitoring different devices in the network

  • It can contain different information about devices, including logs and credentials

  • By default, SNMP runs on UDP port 161

  • SNMP often requires a "community string" to authenticate


SNMP Enumeration

| Command | Description |
| --- | --- |
| snmpwalk -v2c -c <community-string> <FQDN/IP> | Querying OIDs using snmpwalk. |
| onesixtyone -c community-strings.list <FQDN/IP> | Brute-forcing community strings of the SNMP service. |
| braa <community-string>@<FQDN/IP>:.1.* | Brute-forcing SNMP service OIDs. |
| snmp-check -c <community-string> <FQDN/IP> | Enumerating the SNMP service. |

Common community strings list #1

Common community strings list #2

SNMP Enumeration using snmpwalk

The following examples use a placeholder instead of a specific community string. You can fuzz for default or common community strings using the wordlists linked in the table above. Most of the time, the default community strings you will find are "public" and "private".

  1. List all Windows Users: snmpwalk -v <snmp-version> -c <string> <IP> 1.3.6.1.4.1.77.1.2.25

  2. List all running processes: snmpwalk -v <snmp-version> -c <string> <IP> 1.3.6.1.2.1.25.4.2.1.2

  3. List all installed software: snmpwalk -v <snmp-version> -c <string> <IP> 1.3.6.1.2.1.25.6.3.1.2

  4. List TCP listening ports: snmpwalk -v <snmp-version> -c <string> <IP> 1.3.6.1.2.1.6.13.1.3

  5. Enumerate all info (might be too verbose): snmpwalk -v <snmp-version> -c <community-string> <IP> .1

  6. Get extended objects (might reveal some otherwise hidden info): snmpwalk -v <snmp-version> -c <string> <IP> NET-SNMP-EXTEND-MIB::nsExtendObjects
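
The queries above only return data when the agent accepts a guessable community string and exposes those subtrees, so the same list can be turned into a configuration check. The following is an added example, not part of the original page: it assumes a Net-SNMP agent configured through snmpd.conf, the function names are hypothetical, and the sample configuration is constructed.

```python
import shlex

DEFAULT_COMMUNITIES = {"public", "private"}
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

# Constructed sample snmpd.conf (not taken from a real host).
SAMPLE_CONF = """\
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity m0n1t0r-Xy 192.0.2.10 -V systemonly
com2sec notConfigUser default public
extend backup /usr/local/bin/backup.sh --password S3cret
rouser monitor priv
"""

def check_community(community, source, writable):
    """Yield findings for one SNMPv1/v2c community definition."""
    if community in DEFAULT_COMMUNITIES:
        yield "default community string"
    if source in (None, "default"):
        yield "no source address restriction"
    if writable:
        yield "write access over SNMPv1/v2c"

def audit_snmpd_conf(text):
    """Return (line_number, message) findings for an snmpd.conf body."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        directive, args = tokens[0].lower(), tokens[1:]
        issues = []
        if directive in COMMUNITY_DIRECTIVES and args:
            source = args[1] if len(args) > 1 else None
            issues = check_community(args[0], source, directive.startswith("rw"))
        elif directive == "com2sec":
            if args[:1] == ["-Cn"]:          # optional context: -Cn CONTEXT
                args = args[2:]
            if len(args) >= 3:               # SECNAME SOURCE COMMUNITY
                issues = check_community(args[2], args[1], False)
        elif directive == "extend" and args:
            issues = ["command, arguments and output exposed under "
                      "NET-SNMP-EXTEND-MIB::nsExtendObjects"]
        findings += [(lineno, msg) for msg in issues]
    return findings

if __name__ == "__main__":
    for lineno, msg in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {lineno}: {msg}")
```

Lines 3 and 6 of the sample produce no findings: a non-default community bound to one source address and a restricted view, and an SNMPv3 user that requires privacy.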
