PORT 161/udp - SNMP

The Simple Network Management Protocol (SNMP) talks to your network to find out information related to this network device activity: for example, bytes, packets, and errors transmitted and received.

Introduction

SNMP is not well-understood by many network administrators. This often results in SNMP misconfigurations, which can result in significant information leakage.

Scanning the network

To scan for open SNMP ports we can use nmap:

sudo nmap -sU --open -P 161 <ip-addr>/<mask> -oG open-snmp.nmap

Bruteforce attack

We can use tools such as onesixtyone, which will attempt to brute force attack against a list of IP addresses. First we need to create a file containing community strings:

echo public > community.txt
echo private >> community.txt
echo manager >> community.txt

for ip in $(seq 1 254); do echo 10.0.0.$ip; done > ips.txt

And run the tool:

onesixtyone -c community.txt -i ips.txt

Enumeration

Entire MIB Tree

snmpwalk -c public -v1 -t 10 <ip-addr>

Windows Users

snmpwalk -c public -v1 -t <ip-addr> 1.3.6.1.4.1.77.1.2.25

Running Windows Processes

snmpwalk -c public -v1 <ip-addr> 1.3.6.1.2.1.25.4.2.1.2

Open TCP Ports

snmpwalk -c public -v1 <ip-addr> 1.3.6.1.2.1.6.13.1.3

Installed Software

snmpwalk -c public -v1 <ip-addr> 1.3.6.1.2.1.25.6.3.1.2

PreviousPORT 139,445/tcp - SMB NextPORT 1100/tcp - Java RMI

Last updated 4 years ago

hashtagIntroduction

hashtagScanning the network

hashtagBruteforce attack

hashtagEnumeration

hashtagEntire MIB Tree

hashtagWindows Users

hashtagRunning Windows Processes

hashtagOpen TCP Ports

hashtagInstalled Software