161 - SNMP
Last updated
Last updated
Port: 161,162,10161,10162 (UDP)
The Simple Network Management Protocol (SNMP) is an application layer protocol for different devices on a network to exchange management information with one another. It allows devices to communicate even if they are other devices and run different software.
The Management Information Bases (MIB) is a collection of information in a data tree structure. Each MIB consists of one or more nodes, having each node a unique Object Identifier (OID).
For example, the code 1.3.6.1.2.1.1.1 will be translated to "iso.identified-organization.dod.internet.mgmt.mib-2.system.sysDescr", where you can find the full name and version identification of the system's hardware type, software operating-system, and networking software.
Furthermore, the SNMP requires an authentication string called "community string" to access or alter its information.
Finally, there are different SNMP versions v1, v2c and v3; that you will need to specify depending on the tool.
By default, Kali Linux does not translate the OID; hence if you use snmpwalk, you will see only the OIDs with their associated values. To fix this problem, you need to execute the following commands.
sudo apt install snmp-mibs-downloader -y
sudo cp /etc/snmp/snmp.conf /etc/snmp/snmp.confBkp
echo "" | sudo tee /etc/snmp/snmp.confWith the following Nmap command, you can enumerate:
Network interfaces
SNMPv3 Basic information
Community string brute-forcing
Downloads Cisco router IOS configuration
Netstat information
Running processes
System description
Windows services, shares, installed software and users
nmap -sU -p 161 --script=snmp-* <TARGET>Once, discovered a valid community string you can enumerate SNMP with snmapwalk.
snmpwalk [-v 1|2c|3] -c <COMMUNITY_STRING> <TARGET> <FILTER>
snmpwalk [-v 1|2c|3] -c <COMMUNITY_STRING> <TARGET> .1 # Enumerate everythingYou can modify SNMP values with the tool snmpset. Here you can find a list of data types.
snmpset [-v 1|2c|3] -c <COMMUNITY_STRING> <TARGET> <OID> <DATA_TYPE> <VALUE>