2. SNMP Enumeration (Port 161,162)

Use SNMP (application layer protocol) to obtain a list of user accounts and devices on system

1. SNMP Enumeration using snmp-check

first scan the target to check open port

sudo nmap -sU -sV -p 161 192.168.18.110

Now enumerate it

snmp-check 192.168.18.110

2. SNMP Enumeration with softperfect Network scanner

Windows.

SoftPerfect Network Scanner : fast, flexible, advancedwww.softperfect.com

3. Perform SNMP Enumeration using SnmpWalk

snmpwalk -v1 -c public 192.168.18.110

-v1 is the version

-c is the string

For snmp version 2,use the following command

snmpwalk -v2c -c public 192.168.18.110

4. SNMP Enumeration using NMAP

sudo nmap -sU -P 161 --script snmp-sysdesc 192.168.18.110
sudo nmap -sU -P 161 --script snmp-processes 192.168.18.110

sudo nmap -sU -P 161 --script snmp-win32-software 192.168.18.110// List processes running on windows servers

sudo nmap -sU -P 161 --script snmp-interfaces 192.168.18.110

5. Other SNMP enumeration Tools

nmap -sU -p 161 10.10.1.2
nmap -sU -p 161 --script=snmp-brute 10.10.1.2

# Expoilt SNMP with Metasploit
msfdb init && msfconsole ↵
use auxilary/scanner/snmp/snmp_login ↵
set RHOSTS 10.10.1.2 ↵
exploit ↵
  
use auxilary/scanner/snmp/snmp_enum ↵
set RHOSTS 10.10.1.2 ↵
exploit ↵

Exam Prep & Training for CEH Practical (Unofficial Course)Udemy

Previous1. Netbios Enumeration (Port 137)Next3. LDAP Enumeration (Port 389)

Last updated 1 year ago

Was this helpful?