SNMP (UDP:161)

nmap NSE Scripts

# Fire all scripts at UDP 161
nmap $target -vv --reason -Pn -sU -sV -p 161 --script="banner,(snmp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)"

Preferred Enumerate possible information with snmp-check

# DEFAULTS snmp-check $target -c public -p 161 -v 1
snmp-check $TARGET

Brute-force community strings:

onesixtyone $target -c /usr/share/wordlists/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt

Manual enumeration of information

# Windows User Accounts
snmpwalk -c public -v1 $TARGET 1.3.6.1.4.1.77.1.2.25

# Windows Running Programs
snmpwalk -c public -v1 $TARGET 1.3.6.1.2.1.25.4.2.1.2

# Windows Hostname
snmpwalk -c public -v1 $TARGET .1.3.6.1.2.1.1.5

# Windows Share Information
snmpwalk -c public -v1 $TARGET 1.3.6.1.4.1.77.1.2.3.1.1

# Windows Share Information
snmpwalk -c public -v1 $TARGET 1.3.6.1.4.1.77.1.2.27

# Windows TCP Ports
snmpwalk -c public -v1 $TARGET4 1.3.6.1.2.1.6.13.1.3

# Software Name
snmpwalk -c public -v1 $TARGET 1.3.6.1.2.1.25.6.3.1.2

PreviousServices NextWindows

Last updated 4 years ago

nmap NSE Scripts

*Preferred* Enumerate possible information with snmp-check

Brute-force community strings:

Manual enumeration of information

Preferred Enumerate possible information with snmp-check