SNMP

Scanning for SNMP

With nmap:

sudo nmap -sU --open -p 161 10.11.1.1-254 -oG open-snmp.txt

With onesixtyone:

echo public > community
echo private >> community
echo manager >> community

for ip in $(seq 1 254); do echo "<subnet>.$ip"; done > ips

onesixtyone -c community -i ips
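
The three strings in the community wordlist above are the first ones any scanner tries, so an agent should not accept them. The script below is an added example, not from the original page: it checks net-snmp snmpd.conf text for those communities, for sources open to any host, and for write access. It assumes the rocommunity/rwcommunity/com2sec directive forms; the sample config and its addresses are constructed.

```shell
#!/bin/sh
# Added example: audit net-snmp snmpd.conf text for guessable communities.
# WEAK holds the same strings as the onesixtyone wordlist above.
WEAK="public private manager"

# Reads snmpd.conf text on stdin, prints one finding per line.
audit_snmpd_conf() {
    awk -v weak="$WEAK" '
    BEGIN { n = split(weak, w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
    /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
    $1 ~ /^r[ow]community6?$/ {
        # r[ow]community COMMUNITY [SOURCE ...]; no SOURCE means any host
        report($1, $2, (NF >= 3) ? $3 : "default"); next
    }
    $1 == "com2sec" || $1 == "com2sec6" {
        # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
        off = ($2 == "-Cn") ? 2 : 0
        report($1, $(4 + off), $(3 + off)); next
    }
    function report(dir, comm, src) {
        if (comm in bad)
            printf "line %d: WEAK-COMMUNITY %s (%s)\n", NR, comm, dir
        if (src == "default" || src == "0.0.0.0/0" || src == "::/0")
            printf "line %d: ANY-SOURCE %s (%s)\n", NR, comm, dir
        if (dir ~ /^rwcommunity/)
            printf "line %d: WRITE-ACCESS %s (%s)\n", NR, comm, dir
    }'
}

# Constructed sample config (documentation address range 192.0.2.0/24).
sample_conf() {
cat <<'EOF'
# constructed sample snmpd.conf
rocommunity public
rwcommunity private 192.0.2.0/24
com2sec readonly default manager
rocommunity S3cr3tMon1tor 192.0.2.5
EOF
}

# Audit the file given as the first argument, or the sample if none is given.
if [ -n "${1:-}" ]; then
    audit_snmpd_conf < "$1"
else
    sample_conf | audit_snmpd_conf
fi
```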

Windows Enumeration

Use snmpwalk.

Enumerate entire MIB:

snmpwalk -c public -v1 -t 10 <ip>

Enumerate Windows users:

snmpwalk -c public -v1 <ip> 1.3.6.1.4.1.77.1.2.25

Enumerate Windows processes:

snmpwalk -c public -v1 <ip> 1.3.6.1.2.1.25.4.2.1.2

Enumerate open TCP ports:

snmpwalk -c public -v1 <ip> 1.3.6.1.2.1.6.13.1.3

Enumerate installed software:

snmpwalk -c public -v1 <ip> 1.3.6.1.2.1.25.6.3.1.2