SNMP Pentest

Enumeration and Exploitation

Enumeration

Using snmpwalk

Retrieve SNMP information from the target device

snmpwalk -v1 -c public <Target IP Address>

Enumerate SNMPv2 with a community string of public

snmpwalk -v2c -c public <Target IP Address>

Search for installed software

snmpwalk -v2c -c public <Target IP Address> hrSWInstalledName

Determine the amount of RAM on the host

snmpwalk -v2c -c public <Target IP Address> hrMemorySize

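Change an OID to a different value (uses snmpset, which takes a type specifier such as s for a string, and needs a community string with write access)

snmpset -v2c -c public <Target IP Address> <OID> <Type> <New Value>

Change the sysContact OID

snmpset -v2c -c public <Target IP Address> sysContact.0 s "<New Value>"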

Using nmap

Retrieve a list of all the running SNMP processes along with the associated ports

nmap -sU -p 161 --script=snmp-processes <Target IP Address>

Retrieves information regarding SNMP server type and operating system details.

nmap -sU -p 161 --script=snmp-sysdescr <Target IP Address>

Retrieves a list of all the applications running on the target (Windows) machine.

nmap -sU -p 161 --script=snmp-win32-software <Target IP Address>

Using snmp-check

snmp-check <ip-addr>
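
The snmpwalk commands in this section authenticate with the default community string public, and changing a value also needs that community to be writable. The following is an added example, not part of the original page: it audits a Net-SNMP snmpd.conf for exactly those settings. The function name audit_snmpd_conf and the sample configuration are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): flag snmpd.conf settings that
# let default-community v1/v2c queries and SET requests succeed.
# Assumes Net-SNMP directive syntax: rocommunity/rwcommunity COMMUNITY [SOURCE ...]
# and com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY.

audit_snmpd_conf() {
    # Prints one finding per line; returns 1 if anything was flagged, else 0.
    awk '
        function report(msg) { printf "line %d: %s\n", NR, msg; n++ }
        function is_default(c) { return c == "public" || c == "private" }
        { sub(/#.*/, "") }            # strip comments
        NF == 0 { next }              # skip blank lines
        $1 ~ /^r[ow]community6?$/ && NF >= 2 {
            if (is_default($2)) report("default community \"" $2 "\"")
            if ($1 ~ /^rw/)     report("community \"" $2 "\" allows SNMP SET (write)")
            if (NF < 3 || $3 == "default")
                                report("community \"" $2 "\" accepted from any source")
        }
        $1 ~ /^com2sec6?$/ && NF >= 4 {
            if (is_default($NF))      report("default community \"" $NF "\"")
            if ($(NF-1) == "default") report("community \"" $NF "\" accepted from any source")
        }
        END { exit (n > 0) }
    ' "$1"
}

# Constructed sample configuration (not taken from a real device).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample snmpd.conf
rocommunity public
rwcommunity private 10.0.0.0/24
rocommunity S3cr3tR0 192.0.2.10
com2sec notConfigUser default public
rouser monitor priv
EOF

if audit_snmpd_conf "$sample"; then
    echo "no weak community settings found"
else
    echo "weak community settings found: fix before exposing UDP/161"
fi
rm -f "$sample"
```

Lines that define a non-default community restricted to a source address, and SNMPv3 rouser entries, produce no findings.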

Exploitation
