Pentesting Notes
  • About
  • OSCP
    • Reverse Shells
    • Services
      • SNMP (UDP:161)
    • Windows
    • Building MIMIKATZ for older versions of Windows
    • Compilation Reference
    • Hash Cracking
      • Hashcat Modes
    • MYSQL Privesc
  • Unorganized
    • Pentesting Cheatsheets
Powered by GitBook
On this page
  • nmap NSE Scripts
  • *Preferred* Enumerate possible information with snmp-check
  • Brute-force community strings:
  • Manual enumeration of information

Was this helpful?

  1. OSCP
  2. Services

SNMP (UDP:161)

nmap NSE Scripts

# Fire all scripts at UDP 161
nmap $target -vv --reason -Pn -sU -sV -p 161 --script="banner,(snmp* or ssl*) and not (brute or broadcast or dos or external or fuzzer)"

*Preferred* Enumerate possible information with snmp-check

# DEFAULTS snmp-check $target -c public -p 161 -v 1
snmp-check $TARGET

Brute-force community strings:

onesixtyone $target -c /usr/share/wordlists/seclists/Discovery/SNMP/common-snmp-community-strings-onesixtyone.txt

Manual enumeration of information

# Windows User Accounts
snmpwalk -c public -v1 $TARGET 1.3.6.1.4.1.77.1.2.25

# Windows Running Programs
snmpwalk -c public -v1 $TARGET 1.3.6.1.2.1.25.4.2.1.2

# Windows Hostname
snmpwalk -c public -v1 $TARGET .1.3.6.1.2.1.1.5

# Windows Share Information
snmpwalk -c public -v1 $TARGET 1.3.6.1.4.1.77.1.2.3.1.1

# Windows Share Information
snmpwalk -c public -v1 $TARGET 1.3.6.1.4.1.77.1.2.27

# Windows TCP Ports
snmpwalk -c public -v1 $TARGET4 1.3.6.1.2.1.6.13.1.3

# Software Name
snmpwalk -c public -v1 $TARGET 1.3.6.1.2.1.25.6.3.1.2
PreviousServicesNextWindows

Last updated 5 years ago

Was this helpful?