SNMP (Simple Network Management Protocol) Pentesting

SNMP is an internet standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. It uses UDP. A default port is 161.

Enumeration

nmap -sU --script snmp-info -p 161 <target-ip>
nmap -sU --script snmp-interfaces -p 161 <target-ip>
nmap -sU --script snmp-processes -p 161 <target-ip>
nmap -sU --script snmp-sysdescr -p 161 <target-ip>
nmap -sU --script snmp* -p 161 <target-ip>

# For SNMP v1
# -c: Community name
snmpwalk -v1 -c public -m ALL <ip>:<port>
# For SNMP v2
snmpwalk -v2c -c public -m ALL <ip>:<port>
# For SNMP v3
# -l: Security level. 'noAuthNoPriv', 'authNoPriv', 'authPriv'.
snmpwalk -v3 -l noAuthNoPriv -c public -m ALL <ip>:<port>

# -c: community
# -p: port
snmp-check <target-ip> -p 161 -c public

Brute Force the Community Names

hydra -P /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt <target-ip> snmp

onesixtyone -c /usr/share/seclists/Discovery/SNMP/snmp.txt <target-ip>

Configuration Files

cat /etc/snmp/snmpd.conf

PreviousRTSP (Real Time Streaming Protocol) Pentesting NextSSH (Secure Shell) Pentesting

Last updated 1 month ago

hashtag

hashtagEnumeration

hashtagBrute Force the Community Names

hashtagConfiguration Files

Enumeration

Brute Force the Community Names

Configuration Files