diff --git a/pentesting/pentesting-snmp/README.md b/pentesting/pentesting-snmp/README.md index b350210ac..2831edddd 100644 --- a/pentesting/pentesting-snmp/README.md +++ b/pentesting/pentesting-snmp/README.md @@ -89,6 +89,12 @@ To **guess the community string** you could perform a dictionary attack. Check [ ## Enumerating SNMP +It is recommanded to install the following to see whats does mean **each OID gathered** from the device: +```bash +apt-get install snmp-mibs-downloader +download-mibs +``` + If you know a valid community string, you can access the data using **SNMPWalk** or **SNMP-Check**: ```bash @@ -98,18 +104,13 @@ snmp-check [DIR_IP] -p [PORT] -c [COMM_STRING] nmap --script "snmp* and not snmp-brute" ``` -To see whats does **means** each OID gathered from the device, it is recommended to **install**: +Thanks to extended queries (download-mibs), it is possible to enumerate even more about the system with the following command : ```bash -apt-get install snmp-mibs-downloader -download-mibs +snmpwalk -v X -c public NET-SNMP-EXTEND-MIB::nsExtendOutputFull ``` -And **in** _**/etc/snmp/snmp.conf**_ **comment the line "mibs :"** - -**It is recommended to install and configure this before launching any SNMP enumeration.** - -**SNMP** has a lot of information about the host and things that you may find interesting are: **Network interfaces** \(IPv4 and **IPv6** address\) and **processes running** \(may contain passwords\).... +**SNMP** has a lot of information about the host and things that you may find interesting are: **Network interfaces** (IPv4 and **IPv6** address), Usernames, Uptime, Server/OS version, and **processes running** (may contain passwords).... ## From SNMP to RCE
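Review bot: the sentence added at the top of the first hunk ("It is recommanded to install the following to see whats does mean **each OID gathered** from the device:") has spelling and grammar errors; suggest "It is recommended to install the following to see what each OID gathered from the device means:". The hunk also moves the MIB-download instructions ahead of the snmpwalk/snmp-check commands but drops the accompanying configuration step (commenting out the "mibs :" line in /etc/snmp/snmp.conf) that the second hunk removes; since net-snmp tools will not load the downloaded MIBs without that change, the OIDs would still be shown numerically, so that line should be kept here alongside the two install commands.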
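Review bot: the new snmpwalk command in the second hunk ("snmpwalk -v X -c public NET-SNMP-EXTEND-MIB::nsExtendOutputFull") is missing the target host argument, so it will not run as written; suggest "snmpwalk -v X -c [COMM_STRING] [DIR_IP] NET-SNMP-EXTEND-MIB::nsExtendOutputFull" to match the [DIR_IP]/[COMM_STRING] placeholders used by the commands just above it rather than a hard-coded "public" community. The lead-in ("Thanks to extended queries (download-mibs), it is possible to enumerate even more about the system with the following command :") also misstates what download-mibs does: it only makes the symbolic name resolve; whether nsExtendOutputFull returns anything depends on the agent having extend entries configured, which is worth saying so readers do not treat an empty result as a broken setup. The removed "It is recommended to install and configure this before launching any SNMP enumeration" and the snmp.conf "mibs :" step are not replaced anywhere in the diff; either restore them or fold them into the new install block. Minor: drop the space before the colon in "command :".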