SNMP 161,162,10161,10162
SNMP (Simple Network Management Protocol) is a protocol used to monitor different devices on the network (routers, switches, printers, IoT devices...).
PORT STATE SERVICE REASON VERSION
161/udp open snmp udp-response ttl 244 ciscoSystems SNMPv3 server (public)
Notes for SNMP
Enumerate SNMP
onesixtyone {IP} -c /Discovery/SNMP/common-snmp-community-strings.txt
or /usr/share/SecLists/Discovery/SNMP/snmp-onesixtyone.txt
Once we have brute forced the community string we can:
snmpwalk -c c_string -v version target
--> Enumerates SNMP info of the given target.
Examples:
snmpwalk -v2c -c public 10.10.10.92
snmpwalk -v2c -c {community string} {IP} ipAddressType
--> to get the IPv6 address, which we can then scan with nmap and the -6 parameter
snmpwalk -c c_string -v version target OID
--> Obtains SNMP info at specified OID.
Example: snmpwalk -c public -v2c 10.10.10.92 1
To get readable results with snmpwalk --> apt install snmp-mibs-downloader
--> comment out the mibs line in /etc/snmp/snmp.conf
snmpset -c c_string -v version target OID value_type value
--> Changes the SNMP information at a specified OID.
snmp-check {IP}
Crack SNMP passwords
onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt {IP} -w 100
Nmap snmp (no brute)
ls -l /usr/share/nmap/scripts | grep -i snmp
--> Lists all SNMP-related nmap scripts.
nmap -sU -p 161 --script "snmp* and not snmp-brute" {IP}
nmap -sU -p 161 --script snmp-win32-service {IP}
nmap -sU -p 161 --script snmp-brute {IP}
nmap -sU -p 161 --script snmp-win32-users {IP}
Hydra brute force (no credentials needed)
hydra -P {Big_Passwordlist} -v {IP} snmp
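Defender-side check for the community-string guessing and snmpset notes above. This is an added example, not part of the original notes: it audits a net-snmp snmpd.conf for default community strings, community-based write access and missing source restrictions. Assumptions: the agent is net-snmp, the function name audit_snmpd_conf is hypothetical, and the sample config is constructed.

```python
import shlex

# Short constructed set of widely known default community strings (not a wordlist)
DEFAULT_COMMUNITIES = {"public", "private", "manager", "admin", "cisco", "snmp"}
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

# Constructed sample snmpd.conf, for illustration only
SAMPLE_CONF = """\
rocommunity public
rwcommunity Xk9-mgmt-72 10.0.5.0/24
rocommunity6 private default
com2sec readonly 192.0.2.10 n0c-Mon1tor
rouser monitor authPriv
"""


def audit_snmpd_conf(text):
    """Return (line_no, severity, message) findings for a net-snmp snmpd.conf."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        tokens = shlex.split(line)
        directive = tokens[0].lower()
        if directive in COMMUNITY_DIRECTIVES and len(tokens) >= 2:
            community = tokens[1]
            source = tokens[2] if len(tokens) >= 3 else "default"  # omitted = any host
            writable = directive.startswith("rw")
        elif directive == "com2sec" and len(tokens) >= 4:
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY (rights come from access lines)
            args = tokens[3:] if tokens[1] == "-Cn" else tokens[1:]
            if len(args) < 3:
                continue
            source, community, writable = args[1], args[2], False
        else:
            continue  # rouser, view, access, etc. are not community definitions
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((line_no, "high", f"default community string '{community}'"))
        if writable:
            findings.append((line_no, "high", "write access via community string (SNMP SET)"))
        if source in ("default", "0.0.0.0/0", "::/0"):
            findings.append((line_no, "medium", "no source restriction on community"))
    return findings


if __name__ == "__main__":
    for finding in audit_snmpd_conf(SAMPLE_CONF):
        print(finding)
```
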