SNMP Enumeration

Checking for community strings/SNMP availability

hydra -P /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt $ip snmp

We can also use onesixtyone for this. onesixtyone can also check a range of IPs for SNMP. Below is the way to do that:

# Making the community strings list
echo -e "public\nprivate\nmanager" > community

# Making a list of IPs to test
for ip in $(seq 1 254); do echo 192.168.x.$ip; done > ips

# Testing for SNMP
onesixtyone -c community -i ips

Scanning for Data in SNMP

Doing manually using Windows SNMP MIB values

MIB values correspond to specific Microsoft Windows SNMP parameters and contain much more than network-based information:

OID                       MIB values
1.3.6.1.2.1.25.1.6.0      System Processes
1.3.6.1.2.1.25.4.2.1.2    Running Programs
1.3.6.1.2.1.25.4.2.1.4    Processes Path
1.3.6.1.2.1.25.2.3.1.4    Storage Units
1.3.6.1.2.1.25.6.3.1.2    Software Name
1.3.6.1.4.1.77.1.2.25     User Accounts
1.3.6.1.2.1.6.13.1.3      TCP Local Ports


If you have gathered the process-related details, check for any abnormal processes and investigate for related exploits.
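
To apply the hint above when reviewing your own hosts, the Running Programs and Processes Path rows can be joined by their shared index (the PID). This is an added example, not part of the original notes; the sample walk output is constructed and the EXPECTED_DIRS allowlist is an assumption to adjust per host.

```python
import re
from collections import defaultdict

# OIDs taken from the table above (Running Programs / Processes Path).
RUN_NAME = "1.3.6.1.2.1.25.4.2.1.2"
RUN_PATH = "1.3.6.1.2.1.25.4.2.1.4"
# Assumption: directories treated as normal on the audited Windows host.
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
LINE = re.compile(r'^\.?([\d.]+) = (?:\w+: )?"?(.*?)"?\s*$')

# Constructed sample in `snmpwalk -On` output format (not real host data).
SAMPLE = r'''
.1.3.6.1.2.1.25.4.2.1.2.4 = STRING: "System"
.1.3.6.1.2.1.25.4.2.1.2.612 = STRING: "svchost.exe"
.1.3.6.1.2.1.25.4.2.1.2.2044 = STRING: "svchost.exe"
.1.3.6.1.2.1.25.4.2.1.4.4 = ""
.1.3.6.1.2.1.25.4.2.1.4.612 = STRING: "C:\\Windows\\System32\\"
.1.3.6.1.2.1.25.4.2.1.4.2044 = STRING: "C:\\Users\\Public\\"
'''

def parse_walk(text):
    """Join name and path rows by their shared table index (the PID)."""
    procs = defaultdict(dict)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        oid, value = m.group(1), m.group(2).replace("\\\\", "\\")
        for column, field in ((RUN_NAME, "name"), (RUN_PATH, "path")):
            if oid.startswith(column + "."):
                procs[int(oid[len(column) + 1:])][field] = value
    return dict(procs)

def unusual_processes(procs):
    """Return (pid, name, path) for processes running outside EXPECTED_DIRS."""
    hits = []
    for pid, p in sorted(procs.items()):
        path = p.get("path", "")  # kernel processes report an empty path
        if path and not path.lower().startswith(EXPECTED_DIRS):
            hits.append((pid, p.get("name", "?"), path))
    return hits

if __name__ == "__main__":
    for pid, name, path in unusual_processes(parse_walk(SAMPLE)):
        print(f"review: pid={pid} name={name} path={path}")
```

A process name alone is not enough to judge: both svchost.exe entries look identical until the path column is joined in.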
