SNMP

Simple Network Management Protocol

SNMP runs on UDP port 161 and can return information about a system, but the agent only responds if you supply the correct community string.

Brute forcing the community string:

onesixtyone -c /usr/share/metasploit-framework/data/wordlists/snmp-default-pass.txt IP

Note: You will likely want to find a better wordlist.

Getting the data dump:

snmpwalk -Os -v1 -c communitystring IP > snmpout.txt

Flags:

  • -Os prints only the last symbolic element of each OID
  • -v1 specifies SNMP version 1
  • -c specifies the community string

This also gives some (but less) info:

Metasploit -> auxiliary/scanner/snmp/snmp_enum

Things to grep from the datadump:

Getting IPv6 addresses (if any) from the data dump:

python enyx.py version communitystring IP

Unique local (Link Local/Local Unicast) is probably the output you’re looking for. It will return loopback as well afaik.
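The same IPv6 information can be decoded offline from a saved walk, which is useful for checking what an agent discloses. This is an added example, not code from enyx or from the original notes. It assumes the dump contains IP-MIB ipAddressIfIndex rows in either the numeric form or net-snmp's quoted-hex symbolic form, and the sample lines are constructed.

```python
import ipaddress
import re

# IP-MIB ipAddressIfIndex (1.3.6.1.2.1.4.34.1.3) is indexed by address type,
# length and bytes; ".2.16." means type ipv6 followed by 16 address bytes.
NUMERIC = re.compile(
    r"(?:iso|\.?1)\.3\.6\.1\.2\.1\.4\.34\.1\.3\.2\.16\.((?:\d{1,3}\.){15}\d{1,3})\s*=")
# Assumed symbolic form when MIBs are loaded: quoted, colon-separated hex bytes.
SYMBOLIC = re.compile(
    r'ipAddressIfIndex\.ipv6\."((?:[0-9a-fA-F]{2}:){15}[0-9a-fA-F]{2})"')

def classify(addr):
    """Name the scope of an IPv6 address."""
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    if addr in ipaddress.ip_network("fc00::/7"):
        return "unique-local"
    return "global"

def extract_ipv6(dump_text):
    """Return {address: scope} for every IPv6 address indexed in the dump."""
    found = {}
    for line in dump_text.splitlines():
        m = NUMERIC.search(line)
        if m:
            octets = [int(p) for p in m.group(1).split(".")]
            if max(octets) > 255:
                continue  # not valid address bytes, skip the malformed row
            raw = bytes(octets)
        else:
            m = SYMBOLIC.search(line)
            if not m:
                continue
            raw = bytes.fromhex(m.group(1).replace(":", ""))
        addr = ipaddress.IPv6Address(raw)
        found[str(addr)] = classify(addr)
    return found

# Constructed sample dump lines (not captured from a real host).
SAMPLE = """iso.3.6.1.2.1.1.5.0 = STRING: "host01"
iso.3.6.1.2.1.4.34.1.3.1.4.127.0.0.1 = INTEGER: 1
iso.3.6.1.2.1.4.34.1.3.2.16.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1 = INTEGER: 1
iso.3.6.1.2.1.4.34.1.3.2.16.254.128.0.0.0.0.0.0.2.80.86.255.254.0.0.1 = INTEGER: 2
ipAddressIfIndex.ipv6."fd:00:00:00:00:00:00:00:00:00:00:00:00:00:00:10" = INTEGER: 2
"""

if __name__ == "__main__":
    for address, scope in extract_ipv6(SAMPLE).items():
        print(f"{scope:13} {address}")
```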
