SNMP (10161, UDP 161)
Theory
SNMPv1 has no built-in authentication
mechanism, meaning anyone accessing the network can read and modify network data. Another main flaw of SNMPv1 is that it does not support encryption
, meaning that all data is sent in plain text and can be easily intercepted.
SNMPv2 protocol is that the community string
that provides security is only transmitted in plain text, meaning it has no built-in encryption.
Community strings can be seen as passwords that are used to determine whether the requested information can be viewed or not.
Nmap
Community strings
Bruteforce Community strings
Tool
Wordlists
/usr/share/wordlists/seclists/Discovery/SNMP/snmp.txt
/opt/tools/metasploit-framework/data/wordlists/snmp_default_pass.txt
Bruteforce
Bruteforce OIDs
Braa
Once we know a community string, we can use it with braa to brute-force the individual OIDs and enumerate the information behind them.
Default pass
cat /opt/tools/metasploit-framework/data/wordlists/snmp_default_pass.txt
Last updated