SNMP Enumeration -Simple Network Management Protocol

• Fix SNMP output values so they are human readable
  apt-get install snmp-mibs-downloader download-mibsecho "" > /etc/snmp/snmp.conf

• SNMP Enumeration Commands

  • snmpcheck -t $ip -c public

  • snmpwalk -c public -v1 $ip 1|

  • grep hrSWRunName|cut -d\* \* -f

  • snmpenum -t $ip

  • onesixtyone -c names -i hosts

• *

• SNMPv3 Enumeration
  nmap -sV -p 161 --script=snmp-info $ip/24

• Automate the username enumeration process for SNMPv3:
  apt-get install snmp snmp-mibs-downloaderwget https://raw.githubusercontent.com/raesene/TestingScripts/master/snmpv3enum.rb

• SNMP Default Credentials
  /usr/share/metasploit-framework/data/wordlists/snmp_default_pass.txt

SNMP

Resources

What is SNMP?

How to get IPv6 Address through SNMP

SNMPv3Enum

SNMP Enumeration

Examples

# Overview
Default Community Names:
public, private, cisco, manager

Enumerate MIB:
1.3.6.1.2.1.25.1.6.0 System Processes
1.3.6.1.2.1.25.4.2.1.2 Running Programs
1.3.6.1.2.1.25.4.2.1.4 Processes Path
1.3.6.1.2.1.25.2.3.1.4 Storage Units
1.3.6.1.2.1.25.6.3.1.2 Software Name
1.3.6.1.4.1.77.1.2.25 User Accounts
1.3.6.1.2.1.6.13.1.3 TCP Local Ports

# Enmerate users from SNMP
Kali

>

 snmpwalk public -v1 192.168.X.XXX 1 | grep 77.1.2.25 | cut -d” “ -f4
Kali

>

 python /usr/share/doc/python-impacket-doc/examples/samrdump.py SNMP $TARGET

# Search SNMP with nmap
Kali

>

 nmap -sT -p 161 192.168.1.0/24 -oG snmp_results.txt

# Examples
Kali

>

 snmpwalk -c public -v1 $TARGET 1.3.6.1.2.1.25.4.2.1.2
Kali

>

 onesixtyone -c community -I $TARGET
Kali

>

 snmpcheck -t $TARGET
Kali

>

 snmpenum -t $TARGET

# Version3
Kali

>

 nmap -sV -p 161 --script=snmp-info 192.168.1.0/24

# Wordlists
/usr/share/metasploit-framework/data/wordlists/snmp_default_pass.txt