{"id":2116,"date":"2021-01-09T14:30:22","date_gmt":"2021-01-09T13:30:22","guid":{"rendered":"https:\/\/andreas-klingler.de\/infosec\/?p=2116"},"modified":"2024-06-09T13:36:06","modified_gmt":"2024-06-09T11:36:06","slug":"snmp-simple-network-management-protocol","status":"publish","type":"post","link":"https:\/\/infosec.andreas-klingler.de\/?p=2116","title":{"rendered":"<span class=\"caps\">SNMP<\/span> Simple Network Management Protocol"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Detect SNMP-devices:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">nmap -sU --open -p 161 10.11.1.1-254 -oG mega-snmp.txt<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">onesixtyone<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Brute force of com\u00admu\u00adni\u00adty strings against IPs. The fol\u00adlow\u00ading exam\u00adple tries to log in into <span class=\"caps\">SMTP<\/span> devis\u00ades via a giv\u00aden <span class=\"caps\">IP<\/span> and giv\u00aden com\u00admu\u00adni\u00adty&nbsp;names.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">echo public &gt; community\necho private &gt;&gt; community\necho manager &gt;&gt; community\nfor ip in $(seq 1 254);do echo 10.11.1.$ip;done &gt; ips onesixtyone -c community -i ips<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">SNMPCheck<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Like SNM\u00adP\u00adWalk:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">snmpcheck -t $target -c public<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">SNMPWalk<\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Sim\u00adple enu\u00admer\u00ada\u00adtion with snm\u00adp\u00adwalk to show which <span class=\"caps\">SNMP<\/span> val\u00adues are pro\u00advid\u00aded by a device giv\u00aden the com\u00admu\u00adni\u00adty name (most\u00adly public):<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-preformatted\">snmpwalk -c public -v1 10.11.1.115 10.10.10.10 ...(multiple ips are possible)<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">This result in a ist of <span class=\"caps\">SNMP<\/span> para\u00adme\u00adters&nbsp;like<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">1.3.6.1.2.1.6.13.1.3<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">See oth\u00ader resources to check the seman\u00adtic behind the&nbsp;OIDs:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"http:\/\/cric.grenoble.cnrs.fr\/Administrateurs\/Outils\/MIBS\/?oid=\">Here is a list<\/a>,<\/li>\n\n\n\n<li><a href=\"http:\/\/www.oidview.com\/mibs\/detail.html\">List 2<\/a>,<\/li>\n\n\n\n<li><a href=\"https:\/\/www.iana.org\/assignments\/enterprise-numbers\/enterprise-numbers\">Enter\u00adprise num\u00adber&nbsp;list<\/a><\/li>\n\n\n\n<li>but I should also just search OIDs.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">To obtain detailed infor\u00adma\u00adtion \/ the val\u00adues of a&nbsp;<span class=\"caps\">OID<\/span>:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">snmpwalk -c public -v1 10.11.1.115 1.3.6.1.2.1.6.13.1.3<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Use\u00adful examples:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>All cur\u00adrent\u00adly run\u00adning process\u00ades:<br><code>snmpwalk -c public -v1 10.11.1.115 1.3.6.1.2.1.25.4.2.1.2<\/code><\/li>\n\n\n\n<li>All cur\u00adrent\u00adly open <span class=\"caps\">TCP<\/span> lis\u00adten\u00ading ports:<br><code>snmpwalk -c public -v1 10.11.1.115 1.3.6.1.2.1.6.13.1.3<\/code><br><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Detect SNMP-devices: nmap \u2011sU \u2013open \u2011p 161 10.11.1.1\u2013254 \u2011oG mega-snmp.txt one\u00adsix\u00adty\u00adone Brute force of com\u00admu\u00adni\u00adty strings against IPs. The fol\u00adlow\u00ading exam\u00adple tries to log in into <span class=\"caps\">SMTP<\/span> devis\u00ades via a giv\u00aden <span class=\"caps\">IP<\/span> and giv\u00aden com\u00admu\u00adni\u00adty&nbsp;names. echo pub\u00adlic &gt; com\u00admu\u00adni\u00adty echo pri\u00advate \u00bb com\u00admu\u00adni\u00adty echo man\u00adag\u00ader \u00bb com\u00admu\u00adni\u00adty for ip in $(seq 1 254);do echo 10.11.1.$ip;done [\u2026]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"footnotes":""},"categories":[323],"tags":[100],"class_list":["post-2116","post","type-post","status-publish","format-standard","hentry","category-protocol","tag-snmp"],"_links":{"self":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/2116","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2116"}],"version-history":[{"count":4,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/2116\/revisions"}],"predecessor-version":[{"id":3904,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=\/wp\/v2\/posts\/2116\/revisions\/3904"}],"wp:attachment":[{"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2116"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosec.andreas-klingler.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}