hacktricks/network-services-pentesting/pentesting-snmp/cisco-snmp.md

# Cisco SNMP

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="../../.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}

<figure><img src="../../.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>

If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).

{% embed url="https://www.stmcyber.com/careers" %}

## Pentesting Cisco Networks

**SNMP** functions over UDP with ports 161/UDP for general messages and 162/UDP for trap messages. This protocol relies on community strings, serving as passwords that enable communication between SNMP agents and servers. These strings are pivotal for they determine access levels, specifically **read-only (RO) or read-write (RW) permissions**. A notable attack vector for pentesters is the **brute-forcing of community strings**, aiming to infiltrate network devices.

A practical tool for executing such brute-force attacks is [**onesixtyone**](https://github.com/trailofbits/onesixtyone), which necessitates a list of potential community strings and the IP addresses of the targets:

```bash
onesixtyone -c communitystrings -i targets
```

#### `cisco_config_tftp`

The Metasploit framework features the `cisco_config_tftp` module, facilitating the extraction of device configurations, contingent upon acquiring an RW community string. Essential parameters for this operation include:

* RW community string (**COMMUNITY**)
* Attacker's IP (**LHOST**)
* Target device's IP (**RHOSTS**)
* Destination path for the configuration files (**OUTPUTDIR**)

Upon configuration, this module enables the download of device settings directly to a specified folder.

#### `snmp_enum`

Another Metasploit module, **`snmp_enum`**, specializes in gathering detailed hardware information. It operates with either type of community string and requires the target's IP address for successful execution:

```bash
msf6 auxiliary(scanner/snmp/snmp_enum) > set COMMUNITY public
msf6 auxiliary(scanner/snmp/snmp_enum) > set RHOSTS 10.10.100.10
msf6 auxiliary(scanner/snmp/snmp_enum) > exploit
```

## References

* [https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9](https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9)

<figure><img src="../../.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>

If you are interested in **hacking career** and hack the unhackable - **we are hiring!** (_fluent polish written and spoken required_).

{% embed url="https://www.stmcyber.com/careers" %}

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="../../.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}
GitBook: [#3523] No subject 2022-09-30 10:43:59 +00:00			`# Cisco SNMP`

gpt-4o-mini 2024-07-18 20:49:07 +00:00			`{% hint style="success" %}`
GITBOOK-4403: No subject 2024-09-16 20:40:46 +00:00			`Learn & practice AWS Hacking:<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Learn & practice GCP Hacking: <img src="../../.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="../../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
gpt-4o-mini 2024-07-18 20:49:07 +00:00
GitBook: [#3523] No subject 2022-09-30 10:43:59 +00:00			`<details>`

gpt-4o-mini 2024-07-18 20:49:07 +00:00			`<summary>Support HackTricks</summary>`
GitBook: [#3523] No subject 2022-09-30 10:43:59 +00:00
gpt-4o-mini 2024-07-18 20:49:07 +00:00			`* Check the [subscription plans](https://github.com/sponsors/carlospolop)!`
			`* Join the 💬 [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) or follow us on Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Share hacking tricks by submitting PRs to the [HackTricks](https://github.com/carlospolop/hacktricks) and [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
GitBook: [#3523] No subject 2022-09-30 10:43:59 +00:00
			`</details>`
gpt-4o-mini 2024-07-18 20:49:07 +00:00			`{% endhint %}`
GitBook: [#3523] No subject 2022-09-30 10:43:59 +00:00
GITBOOK-4430: No subject 2024-11-19 11:31:22 +00:00			`<figure><img src="../../.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>`
GITBOOK-4251: change request with no subject merged in GitBook 2024-02-18 14:18:26 +00:00
			`If you are interested in hacking career and hack the unhackable - we are hiring! (_fluent polish written and spoken required_).`

			`{% embed url="https://www.stmcyber.com/careers" %}`

			`## Pentesting Cisco Networks`
GitBook: [#3523] No subject 2022-09-30 10:43:59 +00:00
a 2024-02-08 21:36:15 +00:00			`SNMP functions over UDP with ports 161/UDP for general messages and 162/UDP for trap messages. This protocol relies on community strings, serving as passwords that enable communication between SNMP agents and servers. These strings are pivotal for they determine access levels, specifically read-only (RO) or read-write (RW) permissions. A notable attack vector for pentesters is the brute-forcing of community strings, aiming to infiltrate network devices.`
GitBook: [#3523] No subject 2022-09-30 10:43:59 +00:00
GITBOOK-4251: change request with no subject merged in GitBook 2024-02-18 14:18:26 +00:00			`A practical tool for executing such brute-force attacks is [onesixtyone](https://github.com/trailofbits/onesixtyone), which necessitates a list of potential community strings and the IP addresses of the targets:`
GitBook: [#3523] No subject 2022-09-30 10:43:59 +00:00
a 2024-02-03 16:02:14 +00:00			```bash
			`onesixtyone -c communitystrings -i targets`
GitBook: [#3523] No subject 2022-09-30 10:43:59 +00:00			```

GITBOOK-4251: change request with no subject merged in GitBook 2024-02-18 14:18:26 +00:00			#### `cisco_config_tftp`
GitBook: [#3523] No subject 2022-09-30 10:43:59 +00:00
a 2024-02-08 21:36:15 +00:00			The Metasploit framework features the `cisco_config_tftp` module, facilitating the extraction of device configurations, contingent upon acquiring an RW community string. Essential parameters for this operation include:
GitBook: [#3523] No subject 2022-09-30 10:43:59 +00:00
GITBOOK-4251: change request with no subject merged in GitBook 2024-02-18 14:18:26 +00:00			`* RW community string (COMMUNITY)`
			`* Attacker's IP (LHOST)`
			`* Target device's IP (RHOSTS)`
			`* Destination path for the configuration files (OUTPUTDIR)`
GitBook: [#3523] No subject 2022-09-30 10:43:59 +00:00
a 2024-02-08 21:36:15 +00:00			`Upon configuration, this module enables the download of device settings directly to a specified folder.`
GitBook: [#3523] No subject 2022-09-30 10:43:59 +00:00
GITBOOK-4251: change request with no subject merged in GitBook 2024-02-18 14:18:26 +00:00			#### `snmp_enum`
GitBook: [#3523] No subject 2022-09-30 10:43:59 +00:00
a 2024-02-08 21:36:15 +00:00			Another Metasploit module, `snmp_enum`, specializes in gathering detailed hardware information. It operates with either type of community string and requires the target's IP address for successful execution:
GitBook: [#3523] No subject 2022-09-30 10:43:59 +00:00
			```bash
			`msf6 auxiliary(scanner/snmp/snmp_enum) > set COMMUNITY public`
			`msf6 auxiliary(scanner/snmp/snmp_enum) > set RHOSTS 10.10.100.10`
			`msf6 auxiliary(scanner/snmp/snmp_enum) > exploit`
			```

a 2024-02-08 03:08:28 +00:00			`## References`
GITBOOK-4251: change request with no subject merged in GitBook 2024-02-18 14:18:26 +00:00
a 2024-02-03 16:02:14 +00:00			`* [https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9](https://medium.com/@in9uz/cisco-nightmare-pentesting-cisco-networks-like-a-devil-f4032eb437b9)`

GITBOOK-4430: No subject 2024-11-19 11:31:22 +00:00			`<figure><img src="../../.gitbook/assets/image (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1) (1).png" alt=""><figcaption></figcaption></figure>`
GITBOOK-4251: change request with no subject merged in GitBook 2024-02-18 14:18:26 +00:00
			`If you are interested in hacking career and hack the unhackable - we are hiring! (_fluent polish written and spoken required_).`

			`{% embed url="https://www.stmcyber.com/careers" %}`
GitBook: [#3523] No subject 2022-09-30 10:43:59 +00:00
gpt-4o-mini 2024-07-18 20:49:07 +00:00			`{% hint style="success" %}`
GITBOOK-4403: No subject 2024-09-16 20:40:46 +00:00			`Learn & practice AWS Hacking:<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Learn & practice GCP Hacking: <img src="../../.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="../../.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
gpt-4o-mini 2024-07-18 20:49:07 +00:00
GitBook: [#3523] No subject 2022-09-30 10:43:59 +00:00			`<details>`

gpt-4o-mini 2024-07-18 20:49:07 +00:00			`<summary>Support HackTricks</summary>`
GitBook: [#3523] No subject 2022-09-30 10:43:59 +00:00
gpt-4o-mini 2024-07-18 20:49:07 +00:00			`* Check the [subscription plans](https://github.com/sponsors/carlospolop)!`
			`* Join the 💬 [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) or follow us on Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Share hacking tricks by submitting PRs to the [HackTricks](https://github.com/carlospolop/hacktricks) and [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
GitBook: [#3523] No subject 2022-09-30 10:43:59 +00:00
			`</details>`
gpt-4o-mini 2024-07-18 20:49:07 +00:00			`{% endhint %}`