
161,162,10161,10162/udp - Pentesting SNMP


Last updated 3 years ago

Resources:

  • Hacktricks.

  • auvik quickly explained.

Simple Network Management Protocol [SNMP]

All the settings that can be made for the SNMP daemon are defined and described in the manpage.

Default conf

cat /etc/snmp/snmpd.conf | grep -v "#" | sed -r '/^\s*$/d'
# Dangerous settings
rwuser noauth	# Provides access to the full OID tree without authentication.
rwcommunity <community string> <IPv4 address>	# Provides access to the full OID tree regardless of where the requests were sent from.
rwcommunity6 <community string> <IPv6 address>	# Same access as with rwcommunity with the difference of using IPv6.
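
A defensive check for the settings above, as an added example that is not part of the original page: the shell function below reads an snmpd.conf and flags the three write-access directives. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): flag the write-access directives
# listed under "Dangerous settings" in an snmpd.conf.
# Usage: audit_snmpd_conf /etc/snmp/snmpd.conf   (or pipe a config on stdin)
# Prints one finding per risky line; returns 1 if anything was flagged.
audit_snmpd_conf() {
    awk '
    {
        sub(/#.*/, "")          # strip comments, including trailing ones
        if (NF == 0) next       # ignore blank and comment-only lines
    }
    $1 == "rwuser" {
        for (i = 2; i <= NF; i++)
            if ($i == "noauth") {
                print NR ": rwuser noauth: write access without authentication"
                bad = 1
                break
            }
    }
    $1 == "rwcommunity" || $1 == "rwcommunity6" {
        # Field 2 is the community string (a secret, so it is not echoed);
        # field 3, when present, is the source restriction.
        src = (NF >= 3 && $3 != "default") ? $3 : "any"
        print NR ": " $1 ": read-write community, source=" src
        bad = 1
    }
    END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample configuration (assumed values, not from a real host).
sample_conf() {
    cat <<'EOF'
# constructed sample
sysLocation  lab
rocommunity  monitor-ro 10.0.0.5
rwuser       noauth
rwcommunity  s3cret-rw
rwcommunity6 s3cret-rw 2001:db8::/32
#rwcommunity old-entry 0.0.0.0/0
EOF
}

sample_conf | audit_snmpd_conf || echo "risky SNMP write access found"
```

Commented-out directives are ignored, and the community string itself is never printed, so the output can be pasted into a ticket.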

Footprinting

For footprinting SNMP, we can use tools like snmpwalk, onesixtyone, and braa. Snmpwalk is used to query the OIDs with their information. Onesixtyone can be used to brute-force the names of the community strings since they can be named arbitrarily by the administrator.

SNMPwalk

snmpwalk -v2c -c public 10.129.14.128 . # the dot crawls the whole OID tree

We can use onesixtyone and the SecLists wordlists to identify community strings.

onesixtyone -c /opt/useful/SecLists/Discovery/SNMP/snmp.txt <IP>
braa <community string>@<IP>:.1.3.6.*   # Syntax

Once we know a community string, we can use it with braa to brute-force the individual OIDs and enumerate the information behind them.
