OSCP Notes
SNMP
SNMP is an Internet Standard protocol for collecting and organizing information about managed devices on IP networks, and for modifying that information to change device behavior.

Enumerate Community strings

./onesixtyone -c /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt $ip

python snmpbrute.py -t $ip

nmap -sU $ip -p161 --script=snmp-brute -Pn --script-args snmp-brute.communitiesdb=list.txt

## snmp-check
snmp-check $ip -c public

Nmap script

nmap -sU -p161 --script "snmp-*" $ip

nmap -n -vv -sV -sU -Pn -p 161,162 --script=snmp-processes,snmp-netstat $ip

snmpwalk

apt install snmp-mibs-downloader # translates MIBs into readable format

for community in public private manager; do snmpwalk -c $community -v1 $ip; done
snmpwalk -c public -v1 $ip
snmpenum $ip public windows.txt

Less noisy: walk a single OID subtree instead of the whole tree

snmpwalk -c public -v1 $ip 1.3.6.1.4.1.77.1.2.25

SNMP runs over UDP, so it is stateless and susceptible to UDP spoofing.

nmap -sU --open -p 161 10.1.1.1-254 -oG out.txt

snmpwalk -c public -v1 $ip # we need to know that there is a community called public
snmpwalk -c public -v1 $ip 1.3.6.1.4.1.77.1.2.25 # enumerate windows users
snmpwalk -c public -v1 $ip 1.3.6.1.2.1.25.4.2.1.2 # enumerates running processes

nmap -vv -sV -sU -Pn -p 161,162 --script=snmp-netstat,snmp-processes $ip

SNMPv3 enumeration

wget https://raw.githubusercontent.com/raesene/TestingScripts/master/snmpv3enum.rb; ruby snmpv3enum.rb

Wordlist

/usr/share/metasploit-framework/data/wordlists/snmp_default_pass.txt

SNMP MIB Trees

    1.3.6.1.2.1.25.1.6.0 - System Processes
    1.3.6.1.2.1.25.4.2.1.2 - Running Programs
    1.3.6.1.2.1.25.4.2.1.4 - Processes Path
    1.3.6.1.2.1.25.2.3.1.4 - Storage Units
    1.3.6.1.2.1.25.6.3.1.2 - Software Name
    1.3.6.1.4.1.77.1.2.25 - User Accounts
    1.3.6.1.2.1.6.13.1.3 - TCP Local Ports
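
Defensive counterpart to the community strings and OIDs above, as an added example that is not part of the original notes: a shell function that audits a Net-SNMP snmpd.conf for the default communities tried above (public, private, manager), missing source restrictions, write access and communities with no OID or view limit. The function names, finding labels and sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): flag snmpd.conf settings that
# make the enumeration above succeed. Labels and sample config are constructed.
WEAK_COMMUNITIES="public private manager"   # community strings tried on this page

# audit_snmpd_conf [FILE]: reads FILE (or stdin), prints "LINE: FINDING community".
audit_snmpd_conf() {
  awk -v weak="$WEAK_COMMUNITIES" '
    BEGIN { n = split(weak, w, " "); for (i = 1; i <= n; i++) isweak[w[i]] = 1 }
    NF == 0 || $1 ~ /^#/ { next }                 # skip blanks and comment lines
    # rocommunity/rwcommunity COMMUNITY [SOURCE [OID | -V VIEW]]
    $1 ~ /^r[ow]community6?$/ && NF >= 2 {
      comm = $2; src = (NF >= 3 ? $3 : "default")
      if (comm in isweak)   print NR ": WEAK_COMMUNITY " comm
      if (src == "default") print NR ": ANY_SOURCE " comm      # no source ACL
      if ($1 ~ /^rw/)       print NR ": WRITE_ACCESS " comm    # SET allowed
      if (NF < 4)           print NR ": FULL_TREE " comm       # no OID/view limit
    }
    # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
    $1 == "com2sec" && NF >= 4 {
      comm = $NF; src = $(NF - 1)
      if (comm in isweak)   print NR ": WEAK_COMMUNITY " comm
      if (src == "default") print NR ": ANY_SOURCE " comm
    }
  ' "$@"
}

# Constructed sample config, not taken from a real host.
sample_conf() {
  cat <<'EOF'
# constructed sample snmpd.conf
rocommunity public
rwcommunity private 10.1.1.0/24
rocommunity n0t-a-default 10.1.1.5 .1.3.6.1.2.1.1
com2sec -Cn ctx1 notConfigUser default manager
rouser monitor authPriv
EOF
}

sample_conf | audit_snmpd_conf
```

A FULL_TREE finding means the community can read every subtree in the list above, including 1.3.6.1.2.1.25 and 1.3.6.1.4.1.77. Because SNMP v1/v2c runs over UDP, a source restriction is only a partial control; SNMPv3 users with authPriv are the stronger fix.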

Exploitation

    Gather version numbers
    Searchsploit
    Default Creds
    Creds previously gathered
    Download the software