PORT 161/udp - SNMP

The Simple Network Management Protocol (SNMP) is used to query network devices for information about their activity: for example, bytes, packets, and errors transmitted and received.

Introduction

SNMP is not well understood by many network administrators. This often leads to SNMP misconfigurations, which can result in significant information leakage.

Scanning the network

To scan for open SNMP ports we can use nmap:

sudo nmap -sU --open -p 161 <ip-addr>/<mask> -oG open-snmp.nmap

Bruteforce attack

We can use tools such as onesixtyone, which attempts a brute-force attack against a list of IP addresses. First we need to create a file containing community strings and a file containing the target IP addresses:

echo public > community.txt
echo private >> community.txt
echo manager >> community.txt

for ip in $(seq 1 254); do echo 10.0.0.$ip; done > ips.txt

And run the tool:

onesixtyone -c community.txt -i ips.txt

Enumeration

Entire MIB Tree

snmpwalk -c public -v1 -t 10 <ip-addr>

Windows Users

snmpwalk -c public -v1 <ip-addr> 1.3.6.1.4.1.77.1.2.25

Running Windows Processes

snmpwalk -c public -v1 <ip-addr> 1.3.6.1.2.1.25.4.2.1.2

Open TCP Ports

snmpwalk -c public -v1 <ip-addr> 1.3.6.1.2.1.6.13.1.3

Installed Software

snmpwalk -c public -v1 <ip-addr> 1.3.6.1.2.1.25.6.3.1.2
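
As an added example (not part of the original notes), the script below audits a net-snmp snmpd.conf for the exposure shown on this page: community strings from the wordlist above, missing source restrictions, and read access to the OID subtrees walked above. The function names and the sample config are constructed for illustration; excluded views, view masks, and symbolic OID names are not handled.

```python
# Community strings from the page's community.txt wordlist.
GUESSABLE = {"public", "private", "manager"}
# Numeric OID subtrees the page walks with snmpwalk.
SENSITIVE = {
    "1.3.6.1.4.1.77.1.2.25": "Windows users",
    "1.3.6.1.2.1.25.4.2.1.2": "running processes",
    "1.3.6.1.2.1.6.13.1.3": "open TCP ports",
    "1.3.6.1.2.1.25.6.3.1.2": "installed software",
}

def covers(root, oid):
    """True if numeric subtree `root` contains `oid` (empty root = whole tree)."""
    r = [p for p in root.split(".") if p]
    return [p for p in oid.split(".") if p][:len(r)] == r

def audit(text):
    """Return {line_no: [findings]} for v1/v2c community directives."""
    rows = [(n, l.split("#", 1)[0].split()) for n, l in enumerate(text.splitlines(), 1)]
    views = {}  # view name -> included subtrees (excluded views/masks not modelled)
    for _, t in rows:
        if len(t) >= 4 and t[0] == "view" and t[2] == "included":
            views.setdefault(t[1], []).append(t[3])
    report = {}
    for n, t in rows:
        if len(t) < 2 or t[0] not in ("rocommunity", "rwcommunity"):
            continue
        found = []
        if t[1].lower() in GUESSABLE:
            found.append("guessable community string")
        if t[0] == "rwcommunity":
            found.append("write access over v1/v2c")
        if len(t) < 3 or t[2] == "default":
            found.append("no source restriction")
        if len(t) >= 5 and t[3] == "-V":
            roots = views.get(t[4], [])
        else:
            roots = t[3:4] or [""]  # explicit OID, else the whole tree
        leaked = [d for o, d in SENSITIVE.items() if any(covers(r, o) for r in roots)]
        if leaked:
            found.append("exposes: " + ", ".join(leaked))
        if found:
            report[n] = found
    return report

# Constructed sample config (not from the page): one weak line, one restricted.
SAMPLE = ("rocommunity public\n"
          "view sysonly included .1.3.6.1.2.1.1\n"
          "rocommunity N0tInWordlist 10.0.0.5 -V sysonly\n")
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Only the first sample line is reported; the second community is limited to one source address and to the system subtree, so none of the subtrees walked on this page are readable through it.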

Last updated 3 years ago