# 161 - SNMP

## Introduction

**Port**: 161,162,10161,10162 (UDP)

The **Simple Network Management Protocol** (SNMP) is an application layer protocol that lets different devices on a network exchange management information with one another. It allows devices to communicate even if they are different devices and run different software.

The **Management Information Base** (MIB) is a collection of information organized in a tree structure. Each MIB consists of one or more nodes, and each node has a unique **Object Identifier** (OID).

![SNMP MIBs hierarchy](/files/5oOSnhAogd7h6SGCSipY)

For example, the code [1.3.6.1.2.1.1.1](http://oid-info.com/get/1.3.6.1.2.1.1.1) will be translated to "iso.identified-organization.dod.internet.mgmt.mib-2.system.sysDescr", where you can find the full name and version identification of the system's hardware type, software operating-system, and networking software.

Furthermore, SNMP requires an authentication string called a "community string" to access or alter its information.

Finally, there are different SNMP versions (v1, v2c and v3), which you will need to specify depending on the tool.

## OID Translation

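By default, Kali Linux does not translate OIDs; hence, if you use snmpwalk, you will see only the numeric OIDs with their associated values. To fix this problem, you need to execute the following commands.

```bash
# Install the MIB files that the snmp package does not ship
sudo apt install snmp-mibs-downloader -y
# Keep a backup of the original client configuration
sudo cp /etc/snmp/snmp.conf /etc/snmp/snmp.confBkp
# Empty the config so its default "mibs :" line no longer disables MIB loading
echo "" | sudo tee /etc/snmp/snmp.conf
```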

## Enumeration

With the following Nmap command, you can enumerate:

* Network interfaces
* SNMPv3 Basic information
* Community string brute-forcing
* Downloads Cisco router IOS configuration
* Netstat information
* Running processes
* System description
* Windows services, shares, installed software and users

```bash
nmap -sU -p 161 --script=snmp-* <TARGET>
```

Once you have discovered a valid community string, you can enumerate SNMP with **snmpwalk**.

```bash
snmpwalk [-v 1|2c|3] -c <COMMUNITY_STRING> <TARGET> <FILTER>
snmpwalk [-v 1|2c|3] -c <COMMUNITY_STRING> <TARGET> .1 # Enumerate everything
```

## Setting SNMP values

You can modify SNMP values with the tool snmpset. [Here](https://web.archive.org/web/20160605063038/https://www.webnms.com/cagent/help/technology_used/c_snmp_overview.html) you can find a list of data types.

```bash
snmpset [-v 1|2c|3] -c <COMMUNITY_STRING> <TARGET> <OID> <DATA_TYPE> <VALUE>
```

## References

* [What is SNMP?](https://www.site24x7.com/network/what-is-snmp.html)
* [What is SNMP? 2](https://www.manageengine.com/network-monitoring/what-is-snmp.html)
* [Pentesting SNMP](https://book.hacktricks.xyz/pentesting/pentesting-snmp)
* [SNMP pentesting](https://resources.infosecinstitute.com/topic/snmp-pentesting/)
* [SNMP Data types](https://www.webnms.com/cagent/help/technology_used/c_snmp_overview.html)


