SNMP (Simple Network Management Protocol) Pentesting
Last modified: 2022-12-22
Network
SNMP is an internet standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. It uses UDP. The default port is 161.
Enumeration
nmap -sU --script snmp-info -p 161 <target-ip>
nmap -sU --script snmp-interfaces -p 161 <target-ip>
nmap -sU --script snmp-processes -p 161 <target-ip>
nmap -sU --script snmp-sysdescr -p 161 <target-ip>
nmap -sU --script "snmp*" -p 161 <target-ip>
Snmp-Check
Snmp-Check is an SNMP enumerator.
# -c: community
# -p: port
snmp-check <target-ip> -p 161 -c public
If we have not found the community name, brute force it.
Brute Force the Community Names
hydra -P /usr/share/seclists/Discovery/SNMP/common-snmp-community-strings.txt <target-ip> snmp
onesixtyone -c /usr/share/seclists/Discovery/SNMP/snmp.txt <target-ip>
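From the defender's side, the enumeration and brute force above succeed when snmpd accepts a default community such as public, especially from any source address. The following added example (not part of the original page) audits net-snmp snmpd.conf text for those settings; the WEAK_COMMUNITIES list, the SAMPLE configuration and the function name are constructed for illustration.

```python
# Added example: flag guessable communities in net-snmp snmpd.conf text.
# WEAK_COMMUNITIES and SAMPLE are constructed for illustration.
WEAK_COMMUNITIES = {"public", "private"}
ANY_SOURCE = {"default", "0.0.0.0/0", "::/0"}
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

SAMPLE = """\
# constructed sample configuration
rocommunity public
rwcommunity private 10.0.0.0/24
rocommunity Xk9-monitoring-7Qp 192.0.2.10
com2sec -Cn ctx1 notConfigUser default public
"""


def audit_snmpd_conf(text, weak=WEAK_COMMUNITIES):
    """Return (line number, community, [issues]) for each risky line."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tok = line.split()
        directive = tok[0].lower()
        writable = False
        if directive in COMMUNITY_DIRECTIVES and len(tok) >= 2:
            # rocommunity COMMUNITY [SOURCE ...]; no SOURCE means any host
            community = tok[1]
            source = tok[2] if len(tok) > 2 else "default"
            writable = directive.startswith("rw")
        elif directive == "com2sec":
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            args = tok[3:] if tok[1:2] == ["-Cn"] else tok[1:]
            if len(args) < 3:
                continue
            source, community = args[1], args[2]
        else:
            continue
        issues = []
        if community.lower() in weak:
            issues.append("guessable community")
        if source in ANY_SOURCE:
            issues.append("any source allowed")
        if writable:
            issues.append("write access")
        if issues:
            findings.append((lineno, community, issues))
    return findings


if __name__ == "__main__":
    for lineno, community, issues in audit_snmpd_conf(SAMPLE):
        print(f"line {lineno}: {community!r}: {', '.join(issues)}")
```

Extend WEAK_COMMUNITIES with the same wordlist used for testing so the audit covers every string the brute force would try.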