SNMP 161
SNMP OIDs for Microsoft Windows Systems:
These Object Identifiers (OIDs) provide access to specific system information via SNMP:
System Processes:
1.3.6.1.2.1.25.1.6.0
Enumerates system processes.
Running Programs:
1.3.6.1.2.1.25.4.2.1.2
Lists running programs.
Processes Path:
1.3.6.1.2.1.25.4.2.1.4
Provides paths for running processes.
Storage Units:
1.3.6.1.2.1.25.2.3.1.4
Displays information about storage units.
Software Name:
1.3.6.1.2.1.25.6.3.1.2
Lists installed software on the system.
User Accounts:
1.3.6.1.4.1.77.1.2.25
Enumerates user accounts.
TCP Local Ports:
1.3.6.1.2.1.6.13.1.3
Enumerates open TCP ports.
SNMP Enumeration Using Nmap:
Scan for open SNMP ports on a range of IPs:
sudo nmap -sU --open -p 161 10.11.1.1-254 -oG open-snmp.txt
This will scan for open SNMP (UDP port 161) across the IP range 10.11.1.1-254 and output the results to the open-snmp.txt file.
Brute-forcing SNMP Community Strings with onesixtyone:
Create a community string file with common values:
echo public > community
echo private >> community
echo manager >> community
The above commands add common SNMP community strings (public, private, manager) to a file called community.
Create a list of IPs to scan:
for ip in $(seq 1 254); do echo 10.11.1.$ip; done > ips
Run onesixtyone to brute-force SNMP on the created IP list:
onesixtyone -c community -i ips
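The same wordlist works as a configuration check on the agent side. This is an added example, not part of the original notes: a shell function that flags guessable, writable or unrestricted v1/v2c community definitions in a net-snmp snmpd.conf. It assumes the agent is net-snmp; the function names and the sample configuration are constructed for illustration.

```shell
# Community strings from the wordlist built above; extend as needed.
WEAK="public private manager"

# audit_snmpd_conf FILE  (hypothetical helper, added example)
# Prints "line:directive:community:flags" per risky v1/v2c community
# definition; returns 1 if any were found, 0 otherwise. Flags:
#   WEAK   community is in the wordlist (compared case-insensitively)
#   WRITE  community grants read-write access
#   ANYSRC no source restriction, so any host may query with it
audit_snmpd_conf() {
    awk -v weak="$WEAK" '
        BEGIN { n = split(weak, w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
        { sub(/#.*/, "") }              # strip comments
        NF < 2 { next }
        {
            d = tolower($1)
            if (d ~ /^r[ow]community6?$/) { comm = $2; src = (NF >= 3) ? $3 : "default" }
            else if (d ~ /^com2sec6?$/ && NF >= 4) { comm = $NF; src = $(NF - 1) }
            else next
            flags = ""
            if (tolower(comm) in bad) flags = flags "WEAK,"
            if (d ~ /^rwcommunity/)   flags = flags "WRITE,"
            if (src == "default")     flags = flags "ANYSRC,"
            if (flags == "") next
            sub(/,$/, "", flags)
            printf "%d:%s:%s:%s\n", NR, d, comm, flags
            found = 1
        }
        END { exit found ? 1 : 0 }
    ' "$1"
}

# Constructed sample configuration (not taken from any real host).
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed example
rocommunity public
rwcommunity private 10.11.1.0/24
com2sec notConfigUser default manager
rocommunity Xk29-q7Lm-constructed 10.11.1.5
rouser monitor authPriv
EOF
}

# Demo: run with the argument "demo" to audit the constructed sample.
if [ "${1:-}" = "demo" ]; then
    f=$(mktemp); write_sample_conf "$f"; audit_snmpd_conf "$f" || true; rm -f "$f"
fi
```

Lines 2 to 4 of the sample are flagged; the source-restricted random community and the SNMPv3 rouser line are not.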
SNMP Walk:
Enumerate various SNMP data points:
User accounts:
snmpwalk -c public -v1 10.11.1.14 1.3.6.1.4.1.77.1.2.25
Running processes:
snmpwalk -c public -v1 10.11.1.73 1.3.6.1.2.1.25.4.2.1.2
Open TCP ports:
snmpwalk -c public -v1 10.11.1.14 1.3.6.1.2.1.6.13.1.3
Installed software:
snmpwalk -c public -v1 10.11.1.50 1.3.6.1.2.1.25.6.3.1.2
SNMP Tools:
SNMPCheck (to enumerate SNMP details):
snmpcheck 10.11.1.14 -c public
This tool checks and enumerates SNMP details of a target IP (10.11.1.14).
SNMPEnum (may require installation):
snmpenum -t 10.11.1.14
Brute-force SNMP Users:
If you're using a wordlist for brute-forcing SNMP users:
snmpenum -t 10.11.1.14 -w /usr/share/legion/wordlists/snmp-default.txt