SNMP (Simple Network Management Protocol) Pentesting
SNMP is an internet standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. It uses UDP. A defaul
Enumeration
nmap -sU --script snmp-info -p 161 <target-ip>
nmap -sU --script snmp-interfaces -p 161 <target-ip>
nmap -sU --script snmp-processes -p 161 <target-ip>
nmap -sU --script snmp-sysdescr -p 161 <target-ip>
nmap -sU --script "snmp*" -p 161 <target-ip>
Snmp-Check
Snmp-Check is an SNMP enumerator.
# -c: community
# -p: port
snmp-check <target-ip> -p 161 -c public
If the community name is unknown, brute force it.
Brute Force the Community Names
hydra -P /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt <target-ip> snmp
onesixtyone -c /usr/share/seclists/Discovery/SNMP/snmp.txt <target-ip>
Configuration Files
cat /etc/snmp/snmpd.conf
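Added example (not part of the original page): a Python audit of Net-SNMP snmpd.conf content that flags what the enumeration and brute-force steps above rely on, namely guessable community strings, read-write communities, communities accepted from any source address, and SNMPv3 users allowed without authentication. The word list, the function name audit_snmpd_conf and the sample configuration are constructed for illustration.

```python
import shlex

# Constructed short list of guessable community strings (assumption for this example).
WEAK = {"public", "private", "community", "manager", "snmp", "admin"}
OPEN_SOURCES = {"default", "0.0.0.0/0", "::/0"}

def audit_snmpd_conf(text):
    """Return (line_no, severity, message) findings for Net-SNMP snmpd.conf text."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        try:
            tok = shlex.split(raw, comments=True)   # drops '#' comments
        except ValueError:
            continue                                # unbalanced quote: skip line
        if len(tok) < 2:
            continue
        directive, args = tok[0].lower(), tok[1:]
        if directive in ("rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"):
            community = args[0]
            source = args[1] if len(args) > 1 else "default"
            writable = directive.startswith("rw")
        elif directive == "com2sec":
            if args[0] == "-Cn":                    # optional context prefix
                args = args[2:]
            if len(args) < 3:
                continue
            # Write access for com2sec depends on separate access lines; not judged here.
            source, community, writable = args[1], args[2], False
        elif directive in ("rouser", "rwuser"):
            if "noauth" in (a.lower() for a in args):
                findings.append((no, "HIGH", "SNMPv3 user allowed without authentication"))
            continue
        else:
            continue
        if community.lower() in WEAK:
            findings.append((no, "HIGH", f"guessable community string '{community}'"))
        if writable:
            findings.append((no, "HIGH", "read-write access via v1/v2c community"))
        if source.lower() in OPEN_SOURCES:
            findings.append((no, "MEDIUM", "community accepted from any source address"))
    return findings

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
rocommunity public
rwcommunity "N0c-wr1te" 10.0.5.0/24
com2sec monitor default s3cr3t-ro
rouser nagios priv
rwuser legacy noauth
"""
```

To audit a real host, pass the file contents to audit_snmpd_conf, for example audit_snmpd_conf(open("/etc/snmp/snmpd.conf").read()).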