# 2. SNMP Enumeration (Port 161,162) ## 1. SNMP Enumeration using snmp-check first scan the target to check open port ``` sudo nmap -sU -sV -p 161 192.168.18.110 ``` Now enumerate it ``` snmp-check 192.168.18.110 ``` ## 2. SNMP Enumeration with softperfect Network scanner Windows. {% embed url="" %}

## 3. Perform SNMP Enumeration using SnmpWalk ``` snmpwalk -v1 -c public 192.168.18.110 ``` {% hint style="info" %} -v1 is the version -c is the string {% endhint %}

For snmp version 2,use the following command ``` snmpwalk -v2c -c public 192.168.18.110 ```

## 4. SNMP Enumeration using NMAP ``` sudo nmap -sU -P 161 --script snmp-sysdesc 192.168.18.110 sudo nmap -sU -P 161 --script snmp-processes 192.168.18.110 ``` ``` sudo nmap -sU -P 161 --script snmp-win32-software 192.168.18.110// List processes running on windows servers ``` ``` sudo nmap -sU -P 161 --script snmp-interfaces 192.168.18.110 ``` ## 5. Other SNMP enumeration Tools ``` nmap -sU -p 161 10.10.1.2 nmap -sU -p 161 --script=snmp-brute 10.10.1.2 # Expoilt SNMP with Metasploit msfdb init && msfconsole ↵ use auxilary/scanner/snmp/snmp_login ↵ set RHOSTS 10.10.1.2 ↵ exploit ↵ use auxilary/scanner/snmp/snmp_enum ↵ set RHOSTS 10.10.1.2 ↵ exploit ↵ ``` {% embed url="" %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ceh-practical.cavementech.com/module-4.-enumeration/2.-snmp-enumeration-port-161-162.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.