SNMP enumeration of UDP ports 161-162

Initial Scan

sudo nmap -sU --open -p 161 10.10.10.116 -oG out.txt
$ cat out.txt
# Nmap 7.91 scan initiated Sun Mar  6 18:06:39 2022 as: nmap -sU --open -p 161 -oG out.txt 10.10.10.116
Host: 10.10.10.116 ()   Status: Up
Host: 10.10.10.116 ()   Ports: 161/open|filtered/udp//snmp///
# Nmap done at Sun Mar  6 18:06:40 2022 -- 1 IP address (1 host up) scanned in 1.04 seconds

Some Basic SNMP enumeration commands

snmp-check 10.10.10.116 -c public > snm1.txt
snmpwalk -c public -v 1 10.10.10.116 > snmp2.txt 

Because these results are large and noisy, you need to read them carefully to find the sensitive information. I have uploaded the full results here.

Output1 (Rchitect/snmp1.txt at Yoda · tcprks/Rchitect · GitHub), Output2 (Rchitect/snmp2.txt at Yoda · tcprks/Rchitect · GitHub)

You can see it has information such as the IPsec pre-shared key:

iso.3.6.1.2.1.1.1.0 = STRING: "Hardware: AMD64 Family 23 Model 49 Stepping 0 AT/AT COMPATIBLE - Software: Windows Version 6.3 (Build 15063 Multiprocessor Free)"
iso.3.6.1.2.1.1.2.0 = OID: iso.3.6.1.4.1.311.1.1.3.1.1
iso.3.6.1.2.1.1.3.0 = Timeticks: (8552333) 23:45:23.33
iso.3.6.1.2.1.1.4.0 = STRING: "IKE VPN password PSK - 9C8B1A372B1878851BE2C097031B6E43"
iso.3.6.1.2.1.1.5.0 = STRING: "Conceal

Some more references:

snmpwalk -c public -v1 10.10.10.116 1.3.6.1.4.1.77.1.2.25
iso.3.6.1.4.1.77.1.2.25.1.1.5.71.117.101.115.116 = STRING: "Guest"
iso.3.6.1.4.1.77.1.2.25.1.1.9.68.101.115.116.105.116.117.116.101 = STRING: "Destitute"
iso.3.6.1.4.1.77.1.2.25.1.1.13.65.100.109.105.110.105.115.116.114.97.116.111.114 = STRING: "Administrator"
iso.3.6.1.4.1.77.1.2.25.1.1.14.68.101.102.97.117.108.116.65.99.99.111.117.110.116 = STRING: "DefaultAccount"
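
A way to triage a large walk like the two above when auditing what an agent exposes to a read-only community, as an added example that is not part of the original post: it parses snmpwalk output, flags string values that look like secrets, and decodes the account name carried in the OID index. The keyword patterns and function names are assumptions, and the sample input is built from lines shown on this page.

```python
import re

# Constructed sample input: a few lines taken from the snmpwalk output above.
SAMPLE = """\
iso.3.6.1.2.1.1.3.0 = Timeticks: (8552333) 23:45:23.33
iso.3.6.1.2.1.1.4.0 = STRING: "IKE VPN password PSK - 9C8B1A372B1878851BE2C097031B6E43"
iso.3.6.1.4.1.77.1.2.25.1.1.5.71.117.101.115.116 = STRING: "Guest"
iso.3.6.1.4.1.77.1.2.25.1.1.13.65.100.109.105.110.105.115.116.114.97.116.111.114 = STRING: "Administrator"
"""

LINE = re.compile(r"^(\S+) = ([\w-]+): (.*)$")
# Assumed heuristics, tune them for your environment.
SECRET_WORDS = re.compile(r"passw|psk|secret|key|cred", re.I)
LONG_HEX = re.compile(r"\b[0-9A-Fa-f]{32,}\b")
USER_TABLE = "1.3.6.1.4.1.77.1.2.25.1.1."  # name column of the subtree walked above

def parse(text):
    """Yield (numeric_oid, type, value) for each well-formed snmpwalk line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banners, timeouts, wrapped multi-line values, blank lines
        oid, typ, val = m.groups()
        oid = re.sub(r"^(iso|\.1)(?=\.)", "1", oid)  # iso.3.6 / .1.3.6 -> 1.3.6
        yield oid, typ, val.strip('"')

def decode_index(oid):
    """Decode a length-prefixed ASCII index, e.g. 5.71.117.101.115.116 -> Guest."""
    nums = [int(n) for n in oid[len(USER_TABLE):].split(".")]
    if nums[0] != len(nums) - 1:
        return None  # not a length-prefixed string index
    return "".join(chr(n) for n in nums[1:])

def review(text):
    """Return (oid, reason, value) findings worth a manual look."""
    findings = []
    for oid, typ, val in parse(text):
        if oid.startswith(USER_TABLE):
            findings.append((oid, "account name", decode_index(oid) or val))
        elif typ == "STRING" and (SECRET_WORDS.search(val) or LONG_HEX.search(val)):
            findings.append((oid, "possible secret", val))
    return findings

if __name__ == "__main__":
    for oid, reason, val in review(SAMPLE):
        print(f"{reason:16} {oid}  {val}")
```

Anything this reports from a free-text field such as sysContact should be removed from the agent configuration, since every holder of the community string can read it.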

Wordlist for SNMP password bruteforce

└─$ locate snmp_default
/usr/share/metasploit-framework/data/wordlists/snmp_default_pass.txt

Some important MIBs

System process MIB