πŸ₯ΉPort 161-169 (SNMP)

Brute force community string

onesixtyone -c /home/liodeus/wordlist/SecLists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt <IP>
snmpbulkwalk -c <COMMUNITY_STRING> -v<VERSION> <IP>
snmp-check <IP>

Modifying SNMP values

http://net-snmp.sourceforge.net/tutorial/tutorial-5/commands/snmpset.html

scaning for snmp

nmap -sU --open -p 161 192.168.45.101-190 -oG mega-snmp.txt

onesixtyone

root:kali echo public > comunity
root:kali echo private >> comunity
root:kali echo manager >> comunity
root:kali for ip in $(seq 200 254); do echo 192.168.56.$ip;done > ips
root:kali onexityone -c comunity -i ips

snmp enumeration

snmpwalk -c public -v1 <ip>

enumeration windows users

snmpwalk -c public -v1 192.168.56.101 1.3.6.1.4.1.77.1.2.25

runin process

snmpwalk -c public -v1 192.168.56.101 1.3.6.1.2.1.25.4.2.1.2

open tcp ports

snmpwalk -c public -v1 192.168.56.101   1.3.6.1.2.1.6.13.1.3

proceses

snmpwalk -c public -v1 192.168.56.101  1.3.6.1.2.1.25.4.2.1.2
snmpget -v 1 -c public IP
snmpwalk -v 1 -c public IP
snmpbulkwalk -v2c -c public -Cn0 -Cr10 IP

ipv6

Most importantly, an IPv6 address is exposed at MiB ​ iso.3.6.1.2.1.4.34.1.5.2.16​ .
PreviousPort 110-25-143 (pop3/smtp)NextPort 389 (LDAP)

Last updated