SNMP

Introduction

Simple Network Management Protocol (SNMP) is a protocol for monitoring different devices in the network
It can contain different information about devices, including logs and credentials
By default, SNMNP runs on port 161 UDP
SNMP often requires a "community string" to authenticate

SNMP Enumeration

Command	Description
snmpwalk -v2c -c <FQDN/IP>	Querying OIDs using snmpwalk.
onesixtyone -c community-strings.list <FQDN/IP>	Bruteforcing community strings of the SNMP service.
braa @<FQDN/IP>:.1.*	Bruteforcing SNMP service OIDs.
snmp-check -c	Enumerate SNMP

Command

Description

snmpwalk -v2c -c <FQDN/IP>

Querying OIDs using snmpwalk.

onesixtyone -c community-strings.list <FQDN/IP>

Bruteforcing community strings of the SNMP service.

braa @<FQDN/IP>:.1.*

Bruteforcing SNMP service OIDs.

snmp-check -c

Enumerate SNMP

SNMP Enumeration using snmpwalk

The following examples are given using the public community string. Replace it with your community string if needed.

List all Windows Users: snmpwalk -v <snmp-version> -c <string> <IP> 1.3.6.1.4.1.77.1.2.25
List all running processes: snmpwalk-v <snmp-version> -c <string> <IP> 1.3.6.1.2.1.25.4.2.1.2
List all installed software: snmpwalk -v <snmp-version> -c <string> <IP> 1.3.6.1.2.1.25.6.3.1.2
List TCP listening ports: snmpwalk -v <snmp-version> -c <string> <IP> 1.3.6.1.2.1.6.13.1.3
Enumerate all info (might be too verbose): snmpwalk -v <snmp-version> -c <community-string> <IP> .1
Get extended objects (might reveal some otherwise hidden info): snmpwalk -v <snmp-version> -c <string> <IP> NET-SNMP-EXTEND-MIB::nsExtendObjects

Last updated 2 months ago