UDP: SNMP - 161

Information

MIB Values	MIB
1.3.6.1.2.1.25.1.6.0	System Processes
1.3.6.1.2.1.25.4.2.1.2	Running Programs
1.3.6.1.2.1.25.4.2.1.4	Processes Path
1.3.6.1.2.1.25.2.3.1.4	Storage Units
1.3.6.1.2.1.25.6.3.1.2	Software Name
1.3.6.1.4.1.77.1.2.25	User Accounts
1.3.6.1.2.1.6.13.1.3	TCP Local Ports

Enumeration

Nmap

sudo nmap -sU --open -p 161 <Target IP Address>

onesixtyone

onesixtyone -c community -i ips

NOTE: Prepare the following things

• Community

echo public > community && echo private >> community && echo manager >> community

• ips

for ip in $(seq 1 254); do echo <Target IP Address>.$ip; done > ips

snmpwalk

Leak command output

snmpwalk -c public -v2c <Target IP Address> NET-SNMP-EXTEND-MIB::nsExtendOutputFull

snmpwalk -c public -v2c <Target IP Address> NET-SNMP-EXTEND-MIB::nsExtendObjects

snmpwalk -c community -v2c <Target IP Address> NET-SNMP-EXTEND-MIB::nsExtendOutputFull

Increase timeout timing

snmpwalk -c public -v2c -t 10 <Target IP Address>

Enumerate Logged-In Users

snmpwalk -c public -v2c <Target IP Address> 1.3.6.1.4.1.77.1.2.25

Enumerate Running Processes

snmpwalk -c public -v2c <Target IP Address> 1.3.6.1.2.1.25.4.2.1.2

Enumerate Active TCP Connections

snmpwalk -c public -v2c <Target IP Address> 1.3.6.1.2.1.6.13.1.3