161 - SNMP (UDP)

Information

Default Port: 161

PORT    STATE SERVICE
161/udp open  snmp

Versions

• SNMPv1 (v1)
• SNMPv2c (v2)
• SNMPv3 (v3)

Recon

Nmap

nmap -sU -p161 192.168.1.2
nmap -sUVC -p161 192.168.1.2

Community String

Brute Force

onesixtyone 192.168.1.2                            # default wordlist: /usr/share/doc/onesixtyone/dict.txt
onesixtyone 192.168.1.2 -c community-strings.dic   # other wordlist
hydra -P community-strings.dic snmp://192.168.1.2

Wordlist

• snmp.txt
• snmp-onesixtyone.txt
• common-snmp-community-strings.txt
• common-snmp-community-strings-onesixtyone.txt

SNMP Enumeration

snmp-check 192.168.1.2 -c public

snmpwalk -c public -v1 192.168.1.2
snmpwalk -c public -v2c 192.168.1.2
snmpwalk -c public -v2c 192.168.1.2 1       # (OID 1, default 2)
snmpwalk -c public -v3 192.168.1.2

snmpbulkwalk -c public -v1 192.168.1.2
snmpbulkwalk -c public -v2c 192.168.1.2
snmpbulkwalk -c public -v2c 192.168.1.2 1   # (OID 1, default 2)
snmpbulkwalk -c public -v3 192.168.1.2

Extended

snmpbulkwalk -c public -v2c 192.168.1.2 . NET-SNMP-EXTEND-MIB::nsExtendObjects

Format Error

# apt-get install -y snmp-mibs-downloader

nano /etc/snmp/snmp.conf
mibs : > #mibs :

# before
iso.3.6.1.2.1.1.5.0 = STRING: "analoguepond"
# after
NMPv2-MIB::sysDescr.0 = STRING: Linux analoguepond 3.19.0-25-generic #26~14.04.1-Ubuntu SMP Fri Jul 24 21:16:20 UTC 2015 x86_64