Notes - Attack by ports/protocols: SNMP udp:161
udp/161 snmp
- 161 uses UDP, so the nmap -sU flag is needed to scan
- https://github.com/dheiland-r7/snmp
> perl snmpbw.pl <ip> public 2 1
- community string enum:
# https://raw.githubusercontent.com/thedarksource/Security/master/Network/SNMP/snmp_community_strings_wordlist_onesixtyone.txt
# /usr/share/wordlists/SecLists/Discovery/SNMP/
> onesixtyone <ip> -c snmp_community_strings_wordlist_onesixtyone.txt
- snmp-check
> snmp-check <ip>
- snmpwalk, setup with extended walk: https://book.hacktricks.xyz/pentesting/pentesting-snmp/snmp-rce#getting-the-shell-from-net-snmp-extend
> snmpwalk -v 2c -c public <ip> NET-SNMP-EXTEND-MIB::nsExtendObjects
> snmpwalk -v 2c -c public <ip> NET-SNMP-EXTEND-MIB::nsExtendOutputFull
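
The checks above depend on guessable community strings such as public and on extend entries being readable over v1/v2c. The following is an added example, not part of the original notes, that audits a net-snmp snmpd.conf for those conditions from the defender's side; the weak-string list, severity labels and sample config are constructed assumptions.

```python
import shlex

# Assumption: a small list of commonly guessed community strings; extend it locally.
WEAK = {"public", "private", "community", "manager", "snmp"}
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

# Constructed sample snmpd.conf for the demo, not taken from a real host.
SAMPLE_CONF = """\
rocommunity public
rwcommunity private 10.0.0.0/24
rocommunity S3cure-ro-7f1c 192.0.2.10   # restricted, non-default string
com2sec notConfigUser default public
extend backup-status /usr/local/bin/backup_status.sh
rouser monitor authPriv
"""

def check_community(no, community, source, writable):
    """Findings for one community definition (hypothetical helper)."""
    out = []
    if community.lower() in WEAK:
        out.append((no, "HIGH", f"guessable community string '{community}'"))
    if source == "default":
        out.append((no, "MEDIUM", "no source restriction: any host may query"))
    if writable:
        out.append((no, "HIGH", "read-write community: SNMP SET allowed over v1/v2c"))
    return out

def audit_snmpd_conf(text):
    """Return a list of (line_no, severity, message) findings."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)   # drops '#' comments
        if not tok:
            continue
        directive, args = tok[0].lower(), tok[1:]
        if directive in COMMUNITY_DIRECTIVES and args:
            source = args[1] if len(args) > 1 else "default"
            findings += check_community(no, args[0], source, directive.startswith("rw"))
        elif directive == "com2sec":
            if args[:1] == ["-Cn"]:             # optional: com2sec -Cn CONTEXT ...
                args = args[2:]
            if len(args) >= 3:                  # SECNAME SOURCE COMMUNITY
                findings += check_community(no, args[2], args[1], False)
        elif directive in {"extend", "exec", "pass"}:
            findings.append((no, "REVIEW", f"'{directive}' serves local program output via SNMP"))
    return findings

if __name__ == "__main__":
    for no, sev, msg in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {no}: [{sev}] {msg}")
```

Lines flagged REVIEW are not necessarily misconfigurations; they mark scripts whose output should be checked for credentials or other sensitive data before being exposed to any read community.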