SNMP Enumeration

Checking for community strings / SNMP availability

hydra -P /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt $ip snmp

We can also use onesixtyone for this. onesixtyone can also check a range of IPs for SNMP. Below is the way to do that:

# Making strings list
echo -e "public\nprivate\nmanager" > community

# Making a list of IPs to test
for ip in $(seq 1 254); do echo 192.168.x.$ip; done > ips

# Testing for SNMP
onesixtyone -c community -i ips

Scanning for Data in SNMP

Doing manually using Windows SNMP MIB values

MIB values correspond to specific Microsoft Windows SNMP parameters and contain much more than network-based information:

OID                        MIB values
1.3.6.1.2.1.25.1.6.0       System Processes
1.3.6.1.2.1.25.4.2.1.2     Running Programs
1.3.6.1.2.1.25.4.2.1.4     Processes Path
1.3.6.1.2.1.25.2.3.1.4     Storage Units
1.3.6.1.2.1.25.6.3.1.2     Software Name
1.3.6.1.4.1.77.1.2.25      User Accounts
1.3.6.1.2.1.6.13.1.3       TCP Local Ports

If you have gathered the process-related details, check for any abnormal processes and investigate for related exploits.
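
As an added example (not part of the original notes), the Python below joins the Running Programs and Processes Path columns from the table on their shared PID index and lists every process whose name and path pair is missing from a known-good baseline. The walk output and the baseline are constructed samples, and the input is assumed to be numeric-OID text as printed by snmpwalk -On.

```python
import re

# Columns from the OID table above; each row is indexed by the process ID.
OID_RUN_NAME = "1.3.6.1.2.1.25.4.2.1.2"  # Running Programs
OID_RUN_PATH = "1.3.6.1.2.1.25.4.2.1.4"  # Processes Path
COLUMNS = ((OID_RUN_NAME, "name"), (OID_RUN_PATH, "path"))

# Matches '.<oid> = STRING: "value"' and the empty form '.<oid> = ""'.
LINE_RE = re.compile(r'^\.?(?P<oid>[0-9.]+)\s*=\s*(?:STRING:\s*)?"(?P<val>.*)"$')

# Constructed sample of numeric snmpwalk output (not from a real host).
SAMPLE_WALK = r"""
.1.3.6.1.2.1.25.4.2.1.2.4 = STRING: "System"
.1.3.6.1.2.1.25.4.2.1.2.612 = STRING: "svchost.exe"
.1.3.6.1.2.1.25.4.2.1.2.2380 = STRING: "svchost.exe"
.1.3.6.1.2.1.25.4.2.1.2.3104 = STRING: "snmp.exe"
.1.3.6.1.2.1.25.4.2.1.4.4 = ""
.1.3.6.1.2.1.25.4.2.1.4.612 = STRING: "C:\Windows\System32"
.1.3.6.1.2.1.25.4.2.1.4.2380 = STRING: "C:\Users\Public"
.1.3.6.1.2.1.25.4.2.1.4.3104 = STRING: "C:\Windows\System32"
"""

# Constructed baseline of expected (name, path) pairs for this host role.
BASELINE = [("System", ""), ("svchost.exe", r"C:\Windows\System32"),
            ("snmp.exe", r"C:\Windows\System32")]

def parse_processes(walk_text):
    """Return {pid: {"name": ..., "path": ...}} from numeric walk output."""
    procs = {}
    for line in walk_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank, non-string or malformed line
        for column, field in COLUMNS:
            index = m["oid"][len(column) + 1:]
            if m["oid"].startswith(column + ".") and index.isdigit():
                procs.setdefault(int(index), {"name": "", "path": ""})[field] = m["val"]
    return procs

def unexpected(procs, baseline):
    """Return sorted (pid, name, path) tuples that are not in the baseline."""
    known = {(name.lower(), path.lower()) for name, path in baseline}
    return sorted((pid, p["name"], p["path"]) for pid, p in procs.items()
                  if (p["name"].lower(), p["path"].lower()) not in known)

if __name__ == "__main__":
    for pid, name, path in unexpected(parse_processes(SAMPLE_WALK), BASELINE):
        print(f"review pid={pid} name={name} path={path}")
```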
