SNMP

An SNMP community string is a simple password that SNMP uses to control access to devices, and the passwords involved are known as SNMP community strings.

These strings provide information and statistics about devices, helping us gain access to them.

Often, the manufacturer default community strings of public and private aren’t changed.

In SNMP versions 1 and 2c, access is controlled using a plaintext community string, and if we know the name, we can gain access to it.

Encryption and authentication were only added in SNMP version 3.

Examination of SNMP process parameters may reveal credentials passed on the command line, which might be reused for other externally accessible services if they’ve been re-used (this does often happen).

Here’s are some examples of SNMP Walking commands:

snmpwalk -v 2c -c public 10.129.42.253 1.3.6.1.2.1.1.5.0
snmpwalk -v 2c -c private  10.129.42.253

A tool like “onesixtyone” can be used to brute force community string names using a dictionary file of common community strings:

onesixtyone -c dict.txt 10.129.42.254