snmp (Simple Network Management Protocol)

Description

The Simple Network Management Protocol is used to remotely manage devices. It can be used to configure or to check the configuration of a host.

By design, this service is a great source of information during enumeration, and it can also provide a path to privilege escalation in a network.

Enumeration

sudo nmap -sU -p 161 --script "snmp*" -oX ./nmap/snmp.xml $IP

Note that one of the scripts nmap will run is snmp-brute, which brute-forces community strings. To replace its default wordlist, use:

sudo nmap -sU -p 161 --script "snmp*" --script-args snmp-brute.communitiesdb=$WORDLIST -oX ./nmap/snmp.xml $IP

Also note that this nmap command produces a lot of output. Do not underestimate the importance of inspecting it thoroughly: it can contain crucial information about a target.
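An added example (not part of the original notes) for reviewing the snmp.xml file written by the -oX option above: it lists every script result per host and pulls out the community strings that snmp-brute reported as valid, which are the ones to rotate or retire in favour of SNMPv3. The sample XML is constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of nmap's -oX output; not real scan data.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="udp" portid="161">
        <state state="open"/>
        <script id="snmp-brute" output="&#10;  public - Valid credentials"/>
        <script id="snmp-sysdescr" output="Example Router OS 1.0"/>
      </port>
    </ports>
  </host>
</nmaprun>"""


def summarize(xml_text):
    """Return one record per script result: (host, port, script id, lines)."""
    records = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            for script in port.findall("script"):
                raw = script.get("output", "")
                lines = [l.strip() for l in raw.splitlines() if l.strip()]
                records.append((addr, port.get("portid"), script.get("id"), lines))
    return records


def guessed_communities(records):
    """Community strings that snmp-brute reported as valid, keyed by host."""
    found = {}
    for addr, _port, script_id, lines in records:
        if script_id != "snmp-brute":
            continue
        for line in lines:
            name, sep, status = line.partition(" - ")
            if sep and status.startswith("Valid"):
                found.setdefault(addr, []).append(name)
    return found


if __name__ == "__main__":
    recs = summarize(SAMPLE_XML)  # or: summarize(open("./nmap/snmp.xml").read())
    for addr, port, sid, lines in recs:
        print(f"{addr} udp/{port} {sid}: {len(lines)} line(s) of output")
    for addr, names in guessed_communities(recs).items():
        print(f"{addr}: guessable community strings {names}")
```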

Exploitation