161 UDP - SNMP

Theory

The Simple Network Management Protocol is a database that stores network devices/hosts information (for network management purposes). The SNMP information database is called Management Information Base (MIB), and it structures data in a tree. This server uses UDP port 161 to expose this information. The prior versions of SNMP 1, 2, and 2c don't use encryption in the traffic, so using a sniffer will allow us to intercept the cleartext credentials. The SNMP server uses a community string to secure the data inside the server.

You can use the following three community strings to connect to the SNMP server:

Public
Private
Manager

SNMP Enumeration

If you were able to enumerate the SNMP server, then you will see a lot of important information about the target host:

Network interfaces
Listening ports
System processes
Host hardware information
Software installed
Local users
Shared folders

Practical

Nmap Scan

nmap -sU -p 161 -sV -sC -T5 <IP>

Snmp-Check

snmp-check 192.168.1.2 -c public

Snmp-Bulk-Walk

snmpbulkwalk -c [COMM_STRING] -v [VERSION] [IP] . #Don't forget the final dot
snmpbulkwalk -c public -v2c 10.10.11.136 .

Snmp-Walk

snmpwalk -v [VERSION_SNMP] -c [COMM_STRING] [DIR_IP]

REFERENCES

Previous445 - SMB Next11211 - Memcached

Last updated 1 year ago

Was this helpful?