November 1, 2019 · Basic Pen-Testing
4.3 : Active information gathering techniques - SNMP enum (Part V)
SNMP Enum
Before starting, spend 5 minutes and watch this.
Basics
oid: object identifier
mib: management info database
security
v1: auth by unencrypted community string, default is public
v2c: auth by unencrypted community string, default is public
v3: auth by encrypted username & password
windows oid table
oid | service |
---|---|
1.3.6.1.2.1.25.1.6.0 | System Processes |
1.3.6.1.2.1.25.4.2.1.2 | Running Programs |
1.3.6.1.2.1.25.4.2.1.4 | Processes Path |
1.3.6.1.2.1.25.2.3.1.4 | Storage Units |
1.3.6.1.2.1.25.6.3.1.2 | Software Name |
1.3.6.1.4.1.77.1.2.25 | User Accounts |
1.3.6.1.2.1.6.13.1.3 | TCP Local Ports |
Enumeration
Port open scanning
nmap -sU --open -p 161 10.0.0.1-254 -oG ip-has-snmp.txt
Brute force community string
onesixtyone -c dict.txt 10.0.0.1
Enumerating the Entire MIB Tree
snmpwalk -c public -v1 10.0.0.219
Enumerating Windows Users
snmpwalk -c public -v1 10.0.0.204 1.3.6.1.4.1.77.1.2.25
Enumerating Running Windows Processes
snmpwalk -c public -v1 10.0.0.204 1.3.6.1.2.1.25.4.2.1.2
Enumerating Open TCP Ports
snmpwalk -c public -v1 10.0.0.204 1.3.6.1.2.1.6.13.1.3
Enumerating Installed Software
snmpwalk -c public -v1 10.0.0.204 1.3.6.1.2.1.25.6.3.1.2
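Seen from the monitoring side, the steps above leave a recognisable pattern: one source trying many community strings, then v1/v2c reads of the subtrees in the OID table using the default `public` community. The detector below is an added example, not part of the original post; the key=value record format, the threshold and the function names are assumptions.

```python
import re
from collections import defaultdict

# OIDs from the table above, mapped to what each subtree discloses.
SENSITIVE = {
    "1.3.6.1.2.1.25.1.6.0": "System Processes",
    "1.3.6.1.2.1.25.4.2.1.2": "Running Programs",
    "1.3.6.1.2.1.25.4.2.1.4": "Processes Path",
    "1.3.6.1.2.1.25.2.3.1.4": "Storage Units",
    "1.3.6.1.2.1.25.6.3.1.2": "Software Name",
    "1.3.6.1.4.1.77.1.2.25": "User Accounts",
    "1.3.6.1.2.1.6.13.1.3": "TCP Local Ports",
}
FIELD = re.compile(r"(\w+)=(\S+)")

def category(oid):  # table label for `oid`, matched on whole arcs only
    for prefix, label in SENSITIVE.items():
        if oid == prefix or oid.startswith(prefix + "."):
            return label
    return None

def analyze(lines, guess_threshold=3):
    """Return {source: [alerts]} for community guessing and default-community reads."""
    comms, trees = defaultdict(set), defaultdict(set)
    for line in lines:
        f = dict(FIELD.findall(line))
        if not {"src", "ver", "community"} <= f.keys():
            continue  # not a v1/v2c record in the assumed format
        comms[f["src"]].add(f["community"])
        label = category(f.get("oid", ""))
        if label and f["ver"] in ("1", "2c") and f["community"] == "public":
            trees[f["src"]].add(label)
    findings = defaultdict(list)
    for src, tried in comms.items():
        if len(tried) >= guess_threshold:
            findings[src].append("community-guessing")
        if trees[src]:
            findings[src].append("default-community-read:" + ",".join(sorted(trees[src])))
    return dict(findings)

# Constructed sample records (assumed key=value sensor format, not real traffic).
SAMPLE = [
    "src=10.0.0.50 ver=1 community=admin oid=1.3.6.1.2.1.1.1.0",
    "src=10.0.0.50 ver=1 community=private oid=1.3.6.1.2.1.1.1.0",
    "src=10.0.0.50 ver=1 community=cisco oid=1.3.6.1.2.1.1.1.0",
    "src=10.0.0.60 ver=1 community=public oid=1.3.6.1.4.1.77.1.2.25.1.1.5",
    "src=10.0.0.60 ver=1 community=public oid=1.3.6.1.2.1.25.4.2.1.2.4",
    "src=10.0.0.70 ver=2c community=m0n1tor oid=1.3.6.1.2.1.25.6.3.1.2.1",
]
```

`analyze(SAMPLE)` flags 10.0.0.50 for guessing and 10.0.0.60 for reading user accounts and running programs with the default community, while the poller at 10.0.0.70 with a non-default community is left alone.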