04 - SNMP

Steps: nmap scan udp 161, create target IP list, create community list file, use onesixtyone + snmpwalk
     # snmpcheck -t $ip -c public
     # nmap -sU --open -p161 <[SUBNET]> --open
     # grep hrSWRunName|cut -d\* \* -f
     # snmpenum -t $ip
     # onesixtyone -c community -i <[SMNP_IP_LIST]>
     # snmpwalk -c public -v1 $ip 1|
     # snmpwalk -c public -v1 <[IP]> <mib-values>
     
SNMPv3 Enumeration
     # nmap -sV -p 161 --script=snmp-info $ip/24
     
NNMAP SNMP scan
     # nmap -sU -sV -p 161 -n <IP ADDRESS> --script="snmp-netstat" -- script-args="cnmpcommunity=public"
     
Automate the username enumeration process for SNMPv3:
     # apt-get install snmp snmp-mibs-downloader 
     # wget <https://raw.githubusercontent.com/raesene/TestingScripts/master/snmpv3enum.rb>

SNMP Default Credentials
     # /usr/share/metasploit-framework/data/wordlists/snmp_default_pass.txt

Mib-values (for snmpwalk):
     1.3.6.1.2.1.25.1.6.0 System Processes
     1.3.6.1.2.1.25.4.2.1.2 Running Programs
     1.3.6.1.2.1.25.4.2.1.4 Processes Path
     1.3.6.1.2.1.25.2.3.1.4 Storage Units
     1.3.6.1.2.1.25.6.3.1.2 Software Name
     1.3.6.1.4.1.77.1.2.25 User
     1.3.6.1.2.1.6.13.1.3 TCP Local Ports