SNMP (udp-161)
Post

SNMP (udp-161)

09/09/2022 03/05/2023
shuciran
1

SNMPWALK

Enumerate the entire public community using SNMPv2, -t 10 to increase the timeout period to 10 seconds:

1
2

snmpwalk -v 2c -c Public -t 10 10.10.11.107
snmpcheck 10.10.202.78 -c Public

Examples: [[Antique#^160482]]

Enumerating Windows Users

This example enumerates the Windows users:

1
2
3
4
5

snmpwalk -c public -v1 10.11.1.14 1.3.6.1.4.1.77.1.2.25
iso.3.6.1.4.1.77.1.2.25.1.1.3.98.111.98 = STRING: "bob"
iso.3.6.1.4.1.77.1.2.25.1.1.5.71.117.101.115.116 = STRING: "Guest"
iso.3.6.1.4.1.77.1.2.25.1.1.8.73.85.83.82.95.66.79.66 = STRING: "IUSR_BOB"
...

Enumerate Windows Processes

This example enumerates the running Windows processes:

1
2
3
4
5
6
7
8
9
10
11
12

snmpwalk -c public -v1 10.11.1.73 1.3.6.1.2.1.25.4.2.1.2
iso.3.6.1.2.1.25.4.2.1.2.1 = STRING: "System Idle Process"
iso.3.6.1.2.1.25.4.2.1.2.4 = STRING: "System"
iso.3.6.1.2.1.25.4.2.1.2.224 = STRING: "smss.exe"
iso.3.6.1.2.1.25.4.2.1.2.324 = STRING: "csrss.exe"
iso.3.6.1.2.1.25.4.2.1.2.364 = STRING: "wininit.exe"
iso.3.6.1.2.1.25.4.2.1.2.372 = STRING: "csrss.exe"
iso.3.6.1.2.1.25.4.2.1.2.420 = STRING: "winlogon.exe"
iso.3.6.1.2.1.25.4.2.1.2.448 = STRING: "services.exe"
iso.3.6.1.2.1.25.4.2.1.2.480 = STRING: "lsass.exe"
iso.3.6.1.2.1.25.4.2.1.2.488 = STRING: "lsm.exe"
...

Enumerating Open TCP Ports

This example enumerates the open TCP ports:

1
2
3
4
5
6

snmpwalk -c public -v1 10.11.1.14 1.3.6.1.2.1.6.13.1.3
iso.3.6.1.2.1.6.13.1.3.0.0.0.0.21.0.0.0.0.18646 = INTEGER: 21
iso.3.6.1.2.1.6.13.1.3.0.0.0.0.80.0.0.0.0.45310 = INTEGER: 80
iso.3.6.1.2.1.6.13.1.3.0.0.0.0.135.0.0.0.0.24806 = INTEGER: 135
iso.3.6.1.2.1.6.13.1.3.0.0.0.0.443.0.0.0.0.45070 = INTEGER: 443
...

Enumerating Installed Software

This example enumerates installed software:

1
2
3
4
5
6
7

snmpwalk -c public -v1 10.11.1.50 1.3.6.1.2.1.25.6.3.1.2
iso.3.6.1.2.1.25.6.3.1.2.1 = STRING: "LiveUpdate 3.3 (Symantec Corporation)"
iso.3.6.1.2.1.25.6.3.1.2.2 = STRING: "WampServer 2.5"
iso.3.6.1.2.1.25.6.3.1.2.3 = STRING: "VMware Tools"
iso.3.6.1.2.1.25.6.3.1.2.4 = STRING: "Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"
iso.3.6.1.2.1.25.6.3.1.2.5 = STRING: "Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030"
...

snmpbulkwalk

SNMP enumeration with threads, much more faster that snmpwalk.

1

snmpbulkwalk -v2c -c public 10.10.10.240

OneSixtyOne

Attempt a brute force of communities against an IP address:

1

onesixtyone -c /usr/share/seclists/Discovery/SNMP/snmp-onesixtyone.txt 10.210.210.97

Windows Interesting MIBs:

For example, the following MIB values correspond to specific Microsoft Windows SNMP parameters and contains much more than network-based information:

MIBObject
1.3.6.1.2.1.25.1.6.0System Processes
1.3.6.1.2.1.25.4.2.1.2Running Programs
1.3.6.1.2.1.25.4.2.1.4Processes Path
1.3.6.1.2.1.25.2.3.1.4Storage Units
1.3.6.1.2.1.25.6.3.1.2Software Name
1.3.6.1.4.1.77.1.2.25User Accounts
1.3.6.1.2.1.6.13.1.3TCP Local Ports
01 Enumeration, SNMP (udp-161)
snmp enumeration