# SNMP

SNMP runs on UDP 161. You can get information about a system from it. But you need to know the **community string** for it to give you a response. 

Brute forcing the community string: 

```
onesixtyone -c /usr/share/metasploit-framework/data/wordlists/snmp-default-pass.txt
```

*Note: You will likely want to find a better wordlist.*

Getting the data dump:

```
snmpwalk -Os -v1 -c > snmpout.txt
```

Flags:

* `-v1` specifies SNMP version 1

This also gives some (but less) info: 

```
Metasploit -> auxiliary/scanner/snmp/snmp_enum
```

Things to grep from the datadump: 

* `System uname`
* `.1.3.6.1.2.1.1.1.0` - [System's hardware type, software operating-system, and networking software.](https://oidref.com/1.3.6.1.2.1.1.1)
* `trap` - To find other community strings (under "traphost")
* `fail` - Finding failed login attempts from logs (telnet or ssh for example, not all devices log these login attempts but some do). 

Getting ipv6 addresses (if any) from the data dump: 

```
python enyx.py version communitystring IP
```

{% embed url="<https://github.com/trickster0/Enyx>" %}

Unique local (Link Local/Local Unicast) is probably the output you’re looking for. It will return loopback as well afaik.