# SNMP (Simple Network Management Protocol) Pentesting ## SNMP is an internet standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. It uses UDP. A default port is 161. ### Enumeration ```shellscript nmap -sU --script snmp-info -p 161 nmap -sU --script snmp-interfaces -p 161 nmap -sU --script snmp-processes -p 161 nmap -sU --script snmp-sysdescr -p 161 nmap -sU --script snmp* -p 161 # For SNMP v1 # -c: Community name snmpwalk -v1 -c public -m ALL : # For SNMP v2 snmpwalk -v2c -c public -m ALL : # For SNMP v3 # -l: Security level. 'noAuthNoPriv', 'authNoPriv', 'authPriv'. snmpwalk -v3 -l noAuthNoPriv -c public -m ALL : # -c: community # -p: port snmp-check -p 161 -c public ``` #### Brute Force the Community Names ```shellscript hydra -P /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt snmp onesixtyone -c /usr/share/seclists/Discovery/SNMP/snmp.txt ``` ### Configuration Files ```shellscript cat /etc/snmp/snmpd.conf ```