I. Background Information
SNMP, or also known as “Simply Not My (Fucking) Problem” is often poor and misunderstood, and subsequently misconfigured protocol. Too bad it’s for the management of the network and noisy as fuck.
II. Goals
There are some useful things available present with SNMP:
- Installed applications (Including Service hotfixes)
- Running services
- Running applications
III. Tools
Several Tools exist for enumerating SNMP.
- snmp-check (Personal Favorite)
- snmpwalk
- bra
IV. Sample Output
$snmp-check 192.168.30.114
snmp-check v1.9 – SNMP enumerator
Copyright (c) 2005-2015 by Matteo Cantoni (www.nothink.org)
[+] Try to connect to 192.168.30.114:161 using SNMPv1 and community ‘public’
[*] System information:
Host IP address : 192.168.30.114
Hostname : 2K4-SERVER
Description : Hardware: x86 Family 6 Model 10 Stepping 9 AT/AT COMPATIBLE – Software: Windows 2000 Version 5.0 (Build 2195 Uniprocessor Free)
Contact : –
Location : –
Uptime snmp : 3 days, 11:15:30.00
Uptime system : 08:19:49.82
System date : 2017-10-8 00:29:13.2
Domain : WORKGROUP
[*] User accounts:
Guest
Administrator
TsInternetUser
IUSR_2K4-SERVER
IWAM_2K4-SERVER
[*] Network information:
IP forwarding enabled : no
Default TTL : 128
TCP segments received : 0
TCP segments sent : 0
TCP segments retrans : 0
Input datagrams : 645
Delivered datagrams : 644
Output datagrams : 597
[*] Network interfaces:
Interface : [ up ] MS TCP Loopback interface
Id : 1
Mac Address : :::::
Type : softwareLoopback
Speed : 10 Mbps
MTU : 1500
In octets : 437
Out octets : 437
Interface : [ up ] AMD PCNET Family Ethernet Adapter
Id : 16777219
Mac Address : 00:0c:29:e1:89:2d
Type : ethernet-csmacd
Speed : 10 Mbps
MTU : 1500
In octets : 84541
Out octets : 89605
[*] Network IP:
Id IP Address Netmask Broadcast
1 127.0.0.1 255.0.0.0 1
16777219 192.168.30.114 255.255.255.0 1
[*] Routing information:
Destination Next hop Mask Metric
127.0.0.0 127.0.0.1 255.0.0.0 1
192.168.30.0 192.168.30.114 255.255.255.0 1
192.168.30.114 127.0.0.1 255.255.255.255 1
192.168.30.255 192.168.30.114 255.255.255.255 1
224.0.0.0 192.168.30.114 224.0.0.0 1
255.255.255.255 192.168.30.114 255.255.255.255 1
[*] TCP connections and listening ports:
Local address Local port Remote address Remote port State
0.0.0.0 21 0.0.0.0 2272 listen
0.0.0.0 25 0.0.0.0 59573 listen
0.0.0.0 80 0.0.0.0 59513 listen
0.0.0.0 119 0.0.0.0 10406 listen
0.0.0.0 135 0.0.0.0 59476 listen
0.0.0.0 443 0.0.0.0 51381 listen
0.0.0.0 445 0.0.0.0 43240 listen
0.0.0.0 563 0.0.0.0 51249 listen
0.0.0.0 1025 0.0.0.0 18598 listen
0.0.0.0 1026 0.0.0.0 34933 listen
0.0.0.0 1027 0.0.0.0 2256 listen
0.0.0.0 3372 0.0.0.0 2172 listen
0.0.0.0 5422 0.0.0.0 43131 listen
192.168.30.114 139 0.0.0.0 2249 listen
[*] Listening UDP ports:
Local address Local port
0.0.0.0 135
0.0.0.0 161
0.0.0.0 445
0.0.0.0 1028
0.0.0.0 1029
0.0.0.0 3456
192.168.30.114 137
192.168.30.114 138
192.168.30.114 500
[*] Network services:
Index Name
0 Server
1 Alerter
2 Event Log
3 Messenger
4 DNS Client
5 DHCP Client
6 Workstation
7 SNMP Service
8 Plug and Play
9 Print Spooler
10 RunAs Service
11 Task Scheduler
12 Computer Browser
13 Automatic Updates
14 COM+ Event System
15 IIS Admin Service
16 Protected Storage
17 Removable Storage
18 IPSEC Policy Agent
19 Network Connections
20 Logical Disk Manager
21 FTP Publishing Service
22 Distributed File System
23 License Logging Service
24 Remote Registry Service
25 Security Accounts Manager
26 System Event Notification
27 Remote Procedure Call (RPC)
28 TCP/IP NetBIOS Helper Service
29 Distributed Link Tracking Client
30 World Wide Web Publishing Service
31 Distributed Transaction Coordinator
32 Simple Mail Transport Protocol (SMTP)
33 Network News Transport Protocol (NNTP)
34 Windows Management Instrumentation Driver Extensions
[*] Processes:
Id Status Name Path Parameters
1 running System Idle Process
8 running System
164 running smss.exe
192 running csrss.exe
212 running winlogon.exe
224 running cmd.exe
240 running services.exe
252 running lsass.exe
436 running svchost.exe
460 running SPOOLSV.EXE
488 running msdtc.exe
596 running svchost.exe
624 running llssrv.exe
676 running regsvc.exe
716 running mstask.exe
744 running snmp.exe
780 running svchost.exe
816 running inetinfo.exe
992 running explorer.exe
1084 running dfssvc.exe
[*] Storage information:
Description : [“C:\\ Label: Serial Number 8f7c9f8”]
Device id : [#<SNMP::Integer:0x005603436439c0 @value=1>]
Filesystem type : [“unknown”]
Device unit : [#<SNMP::Integer:0x00560343f27eb0 @value=4096>]
Memory size : 7.99 GB
Memory used : 1.28 GB
Description : [“D:\\ Label:W2KIS_SP4_EN Serial Number ee1a1042”]
Device id : [#<SNMP::Integer:0x00560343f168b8 @value=2>]
Filesystem type : [“unknown”]
Device unit : [#<SNMP::Integer:0x00560343f14ba8 @value=2048>]
Memory size : 464.19 MB
Memory used : 464.19 MB
Description : [“Virtual Memory”]
Device id : [#<SNMP::Integer:0x00560343ef7738 @value=3>]
Filesystem type : [“unknown”]
Device unit : [#<SNMP::Integer:0x00560343ef5a50 @value=65536>]
Memory size : 921.81 MB
Memory used : 69.31 MB
[*] File system information:
Index : 1
Mount point :
Remote mount point : –
Access : 1
Bootable : 1
[*] Device information:
Id Type Status Descr
1 unknown running Intel
2 unknown unknown MS TCP Loopback interface
3 unknown unknown AMD PCNET Family Ethernet Adapter
4 unknown unknown D:\
5 unknown running Fixed Disk
6 unknown running IBM enhanced (101- or 102-key) keyboard, Subtype=(0)
7 unknown running 16-Buttons (with wheel)
8 unknown unknown COM1:
[*] Software components:
Index Name
1 WebFldrs
[*] IIS server information:
TotalBytesSentLowWord : 0
TotalBytesReceivedLowWord : 0
TotalFilesSent : 0
CurrentAnonymousUsers : 0
CurrentNonAnonymousUsers : 0
TotalAnonymousUsers : 0
TotalNonAnonymousUsers : 0
MaxAnonymousUsers : 0
MaxNonAnonymousUsers : 0
CurrentConnections : 0
MaxConnections : 0
ConnectionAttempts : 0
LogonAttempts : 0
Gets : 0
Posts : 0
Heads : 0
Others : 0
CGIRequests : 0
BGIRequests : 0
NotFoundErrors : 0