
Port 161 SNMP

SNMP - Simple Network Management Protocol
- Will provide the processes running on the machines
- Share password for the machine

Wordlists for SNMP

find /usr/share/seclists/ | grep -i snmp
SNMP wordlists to probe
/usr/share/metasploit-framework/data/wordlists/snmp_default_pass.txt
/usr/share/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt

SNMP MIBs Trees

Basic

System Processes    1.3.6.1.2.1.25.1.6.0
Running Programs    1.3.6.1.2.1.25.4.2.1.2
Processes Path      1.3.6.1.2.1.25.4.2.1.4
Storage Units       1.3.6.1.2.1.25.2.3.1.4
Software Name       1.3.6.1.2.1.25.6.3.1.2
User Accounts       1.3.6.1.4.1.77.1.2.25
TCP Local Ports     1.3.6.1.2.1.6.13.1.3

Disks

Disks names (ns-disk-1-name)               .1.3.6.1.4.1.2021.9.1.2
Disks available space (ns-disk-1-avail)    .1.3.6.1.4.1.2021.9.1.7
Disks used space (ns-disk-1-used)          .1.3.6.1.4.1.2021.9.1.8
Disks use % (ns-disk-1-pct)                .1.3.6.1.4.1.2021.9.1.9

Interfaces

Interfaces Input Octets (ifInOctets)      .1.3.6.1.2.1.2.2.1.10
Interfaces Input Errors (ifInErrors)      .1.3.6.1.2.1.2.2.1.14
Interfaces Output Octets (ifOutOctets)    .1.3.6.1.2.1.2.2.1.16
Interfaces Output Errors (ifOutErrors)    .1.3.6.1.2.1.2.2.1.20

snmpwalk

Basic snmpwalk command syntax

snmpwalk -c <community-string> -v1 $ip .
Note

Don't forget the dot at the end of the command. This would include all the MIBs.
<community-string> is like a password when connecting to the IP over the SNMP protocol.

Probing the community strings

Check all three community strings one by one, using version v1
for community in public private manager; do snmpwalk -c "$community" -v1 "$ip" | tee -a community-out.txt; done

Useful options
-c : stands for community string
-v1, -v2c : 1 and 2c are the most common versions on SNMP devices
-r 1 : Retry 1 time
-t 20 : Timeout is set to 20 seconds

Enumerating Windows Users

snmpwalk -c public -v1 <ipaddress> 1.3.6.1.4.1.77.1.2.25

Enumerating Running Windows Processes

snmpwalk -c public -v1 <ipaddress> 1.3.6.1.2.1.25.4.2.1.2

Enumerating Open TCP Ports

snmpwalk -c public -v1 <ipaddress> 1.3.6.1.2.1.6.13.1.3

Enumerating Installed Software

snmpwalk -c public -v1 <ipaddress> 1.3.6.1.2.1.25.6.3.1.2

snmptranslate

Translate the descriptive OID to

$ snmptranslate  -On NET-SNMP-EXTEND-MIB::nsExtendOutput1Line.\"monitoring\"
.1.3.6.1.4.1.8072.1.3.2.3.1.1.10.109.111.110.105.116.111.114.105.110.103
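
The numeric OID above is the nsExtendOutput1Line prefix followed by a length-prefixed string index: 10, then the ASCII codes of "monitoring". The Python sketch below is an added example, not part of the original notes; the function names and the sample walk lines are constructed for illustration.

```python
# Added example: how a quoted string index such as "monitoring" maps to the
# numeric OID printed by snmptranslate -On, and back again.

# Numeric prefix of nsExtendOutput1Line, taken from the output shown above.
NS_EXTEND_OUTPUT1LINE = ".1.3.6.1.4.1.8072.1.3.2.3.1.1"


def encode_string_index(base_oid: str, name: str) -> str:
    """Append a length-prefixed string index: <len>.<byte>.<byte>..."""
    data = name.encode("ascii")
    subids = [len(data), *data]
    return base_oid + "." + ".".join(str(n) for n in subids)


def decode_string_index(oid: str, base_oid: str) -> str:
    """Recover the string index from a numeric OID under base_oid."""
    if not oid.startswith(base_oid + "."):
        raise ValueError(f"{oid} is not under {base_oid}")
    subids = [int(p) for p in oid[len(base_oid) + 1:].split(".")]
    length, body = subids[0], subids[1:]
    if length != len(body):
        raise ValueError(f"length prefix {length} != {len(body)} sub-identifiers")
    return bytes(body).decode("ascii")  # raises ValueError on non-ASCII values


def extend_names(walk_lines, base_oid=NS_EXTEND_OUTPUT1LINE):
    """Map decoded extend names to values from `snmpwalk -On` style lines."""
    result = {}
    for line in walk_lines:
        oid, sep, value = line.partition(" = ")
        if not sep or not oid.startswith(base_oid + "."):
            continue  # skip lines outside the extend output table
        result[decode_string_index(oid.strip(), base_oid)] = value.strip()
    return result


# Constructed sample lines in snmpwalk -On format; the values are made up.
SAMPLE_WALK = [
    ".1.3.6.1.4.1.8072.1.3.2.3.1.1.10.109.111.110.105.116.111.114.105.110.103"
    " = STRING: OK",
    ".1.3.6.1.2.1.1.5.0 = STRING: host01",
]

if __name__ == "__main__":
    print(encode_string_index(NS_EXTEND_OUTPUT1LINE, "monitoring"))
    print(extend_names(SAMPLE_WALK))
```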

snmpcheck

snmpcheck -t 192.168.1.X -c public

onesixtyone

onesixtyone -c <communityfile> -o <outputfile> -i hosts
