2. SNMP Enumeration (Port 161,162)
Use SNMP (application layer protocol) to obtain a list of user accounts and devices on system
1. SNMP Enumeration using snmp-check
first scan the target to check open port
sudo nmap -sU -sV -p 161 192.168.18.110
Now enumerate it
snmp-check 192.168.18.110
2. SNMP Enumeration with softperfect Network scanner
Windows.

3. Perform SNMP Enumeration using SnmpWalk
snmpwalk -v1 -c public 192.168.18.110

For snmp version 2,use the following command
snmpwalk -v2c -c public 192.168.18.110

4. SNMP Enumeration using NMAP
sudo nmap -sU -P 161 --script snmp-sysdesc 192.168.18.110
sudo nmap -sU -P 161 --script snmp-processes 192.168.18.110
sudo nmap -sU -P 161 --script snmp-win32-software 192.168.18.110// List processes running on windows servers
sudo nmap -sU -P 161 --script snmp-interfaces 192.168.18.110
5. Other SNMP enumeration Tools
nmap -sU -p 161 10.10.1.2
nmap -sU -p 161 --script=snmp-brute 10.10.1.2
# Expoilt SNMP with Metasploit
msfdb init && msfconsole ↵
use auxilary/scanner/snmp/snmp_login ↵
set RHOSTS 10.10.1.2 ↵
exploit ↵
use auxilary/scanner/snmp/snmp_enum ↵
set RHOSTS 10.10.1.2 ↵
exploit ↵
Last updated
Was this helpful?