SNMP

• Simple network management protocol was created to monitor network devices

• snmpwalk, onesixtyone and braa can be used to footprint snmp

• Sometimes only shown on UDP scans

  • nmap -sV --top-port 100 -sU <IP>

• snmpwalk

  • snmpwalk -v2c -c <OID name> 10.129.14.128
    snmpwalk -c public -v1 -t 10 192.168.50.151
    
    
    snmpwalk -c public -v1 192.168.50.151 1.3.6.1.4.1.77.1.2.25
    
    ##enumerate currently running processes
    snmpwalk -c public -v1 192.168.50.151 1.3.6.1.2.1.25.4.2.1.2
    
    ##query all software installed on the machine 
    snmpwalk -c public -v1 192.168.50.151 1.3.6.1.2.1.25.6.3.1.2
    
    ##list all current tcp listening ports
    snmpwalk -c public -v1 192.168.50.151 1.3.6.1.2.1.6.13.1.3

Nmap

sudo nmap -sU --open -p 161 192.168.50.1-254 -oG open-snmp.txt

OneSixtyOne

##first build text files containing strings
echo public > community
echo private >> community
echo manager >> community
##create ip file
for ip in $(seq 1 254); do echo 192.168.50.$ip; done > ips
##scan IP range for community strings 
onesixtyone -c community -i ips

##test an individual IP
onesixtyone -c /opt/useful/seclists/Discovery/SNMP/snmp.txt 10.129.14.128

Braa

braa public@10.129.14.128:.1.3.6.*