Simple Network Management Protocol

Footprinting The Service

SNMPwalk

snmpwalk -v2c -c public 10.129.14.128

SNMP Versions versions 1 & 2c Do Not Require Authentication

Snmpwalk is used to query the OIDs with their information

OneSixtyOne

onesixtyone -c /opt/useful/SecLists/Discovery/SNMP/snmp.txt 10.129.14.128

If we do not know the community string, we can use onesixtyone and SecLists wordlists to identify these community strings

Braa

braa <community string>@<IP>:.1.3.6.*

certain community strings are bound to specific IP addresses, and named with the hostname of the host. sometimes even symbols are added

Dangerous Settings

Settings
rwuser noauth	Provides access to the full OID tree without authentication.
rwcommunity <community string> <IPv4 address>	Provides access to the full OID tree regardless of where the requests were sent from.
rwcommunity6 <community string> <IPv6 address>	Same access as with rwcommunity with the difference of using IPv6.