SNMP

• Port: 161
• Protocol : udp

Table of content

• Nmap
• Onesixtyone
• Snmpenum
• Snmpwalk
  • Read values
  • Write values
• Ressources

Nmap

• snmp-brute: brute-force snmp community strings
• snmp-interfaces: list target network interfaces

Onesixtyone

This tool can be used to brute-force community strings.

sudo apt install onesixtyone
onesixtyone -c ${wordlist} ${ip}

The following wordlist is given with the software /usr/share/doc/onesixtyone/dict.txt

Snmpenum

Auto enumeration

sudo cpan Net::SNMP
git clone https://raw.githubusercontent.com/ajohnston9/snmpenum
./snmpenum.pl ${ip} ${community} ${conf}

The configuration file is given in the git. Choose the one related to the target's OS.

Snmpwalk

sudo apt-get install snmp snmp-mibs-downloader

In /etc/snmp/snmp.conf, comment the mibs: line.

Read values

Enumerate SNMP with snmpwalk

snmpwalk -c ${community} ${ip} -v${version}
# Version : 1, 2c
#
# Output
# iso.3.6.1.2.1.1.1.0 = STRING: "Linux pandora 5.4.# 0-91-generic #102-Ubuntu SMP Fri Nov 5 16:31:28 UTC # 2021 x86_64"
# iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.8072.3.2.10
# iso.3.6.1.2.1.1.3.0 = Timeticks: (4973873) 13:48:58.# 73
# iso.3.6.1.2.1.1.4.0 = STRING: "Daniel"
# iso.3.6.1.2.1.1.5.0 = STRING: "pandora"
# iso.3.6.1.2.1.1.6.0 = STRING: "Mississippi"
# iso.3.6.1.2.1.1.7.0 = INTEGER: 72
# iso.3.6.1.2.1.1.8.0 = Timeticks: (80) 0:00:00.80
# iso.3.6.1.2.1.1.9.1.2.1 = OID: iso.3.6.1.6.3.10.3.1.# 1
# iso.3.6.1.2.1.1.9.1.2.2 = OID: iso.3.6.1.6.3.11.3.1.# 1
# [...]

• Machine name : 3.6.1.2.1.1.5.0
• Disk information : 1.3.6.1.4.1.2021.9
• Custom extension : .1.3.6.1.4.1.8072.1.3.2

Write values

Modify SNMP value with snmpset

snmpset -v 1 -c ${community} ${ip} ${paramName} s ${value}

• paramName : the value outputed by snmpwalk. For example : iso.3.6.1.2.1.1.5.0

Ressources

• Exploit SNMP: https://resources.infosecinstitute.com/topic/snmp-pentesting/