SNMP - 161
The Simple Network Management Protocol (SNMP) is a protocol used for monitoring, managing, and configuring network devices such as routers, switches, and servers. It allows network administrators to collect information and manage devices remotely using a standardized framework.
- Default port: 161 (UDP)
Enumeration
# Basic SNMP sweep to find valid community strings (like 'public')
onesixtyone -c /usr/share/wordlist/SecLists/Discovery/SNMP/snmp.txt 10.10.10.10
# SNMP walk (v1)
snmpwalk -v1 -c public 10.10.10.10
# SNMP walk with full OID tree
snmpwalk -v2c -c public 10.10.10.10 1
# Get system description
snmpget -v1 -c public 10.10.10.10 1.3.6.1.2.1.1.1.0
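# Enumerate with snmpenum (positional arguments: target, community, config file such as the bundled windows.txt)
snmpenum 10.10.10.10 public windows.txt
# nmap SNMP scripts (quote the glob so the shell does not expand it)
nmap -sU -p 161 --script='snmp*' 10.10.10.10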
Exploitation
# Brute-force SNMP OIDs once community string is known
# Syntax: braa <community>@<IP>:<OID pattern>
braa public@10.10.10.10:.1.3.6.*
# Extract user accounts from SNMP (Windows LAN Manager MIB)
snmpwalk -v2c -c public 10.10.10.10 1.3.6.1.4.1.77.1.2.25
# Extract running processes
snmpwalk -v2c -c public 10.10.10.10 1.3.6.1.2.1.25.4.2.1.2
# Network interfaces
snmpwalk -v2c -c public 10.10.10.10 1.3.6.1.2.1.2.2.1.2
# Open TCP connections
snmpwalk -v2c -c public 10.10.10.10 1.3.6.1.2.1.6.13.1.3
# Enumerate with Metasploit's snmp_enum auxiliary module, using the known community string
msfconsole
use auxiliary/scanner/snmp/snmp_enum
set RHOSTS 10.10.10.10
set COMMUNITY public
run
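The sweeps and walks above work when an agent accepts a default community string over SNMPv1/v2c. As an added example (not from the original page), this shell function audits a net-snmp snmpd.conf for those settings. The function name, severity labels and sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. Flags snmpd.conf (net-snmp)
# settings that let default-community sweeps and walks succeed.
# audit_snmpd_conf, the severity labels and the sample file are constructed.

audit_snmpd_conf() {
    # Prints one "SEVERITY line N: reason" finding per weak setting in file $1.
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
        d = $1; comm = ""; src = ""
        if (d ~ /^r[ow]community6?$/) {       # r[ow]community COMMUNITY [SOURCE ...]
            comm = $2; src = $3
        } else if (d == "com2sec") {          # com2sec [-Cn CTX] NAME SOURCE COMMUNITY
            i = ($2 == "-Cn") ? 4 : 2
            src = $(i + 1); comm = $(i + 2)
        } else next                           # SNMPv3 users etc. are not flagged
        if (comm == "public" || comm == "private")
            printf "HIGH line %d: default community \"%s\"\n", NR, comm
        if (d ~ /^rwcommunity/)
            printf "HIGH line %d: write-enabled v1/v2c community\n", NR
        if (src == "" || src == "default" || src == "0.0.0.0/0")
            printf "MEDIUM line %d: community accepted from any source\n", NR
    }' "$1"
}

# Constructed sample configuration (weak entries beside hardened ones).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample snmpd.conf
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity Xk29-monitoring 192.0.2.10
com2sec notConfigUser default public
rouser monitor priv
EOF

audit_snmpd_conf "$sample"
```

Replacing community-based access with SNMPv3 users, as in the sample's rouser line, removes the cleartext community string that the v1/v2c commands above depend on.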