# SNMP

## MIB

Management Information Base. Offers a standardized tree view of all queryable SNMP objects

`Abstract Syntax Notation One` (`ASN.1`) based ASCII text format

The MIBs do not contain data, but they explain where to find which information and what it looks like

## OID

The OIDs consist of integers and are usually concatenated by dot notation. We can look up many MIBs for the associated OIDs in the [Object Identifier Registry](https://www.alvestrand.no/objectid/).

## Versions

v1 and v2 are plain text and unencrypted.

v3 adds authentication and encryption (pre-shared key).

## **Community Strings**

Community strings can be seen as passwords that are used to determine whether the requested information can be viewed or not. It is important to note that many organizations are still using `SNMPv2`, as the transition to `SNMPv3` can be very complex, but the services still need to remain active

## Dangerous settings

| **Settings**                                     | **Description**                                                                       |
| ------------------------------------------------ | ------------------------------------------------------------------------------------- |
| `rwuser noauth`                                  | Provides access to the full OID tree without authentication.                          |
| `rwcommunity <community string> <IPv4 address>`  | Provides access to the full OID tree regardless of where the requests were sent from. |
| `rwcommunity6 <community string> <IPv6 address>` | Same access as with `rwcommunity` with the difference of using IPv6.                  |

## Tools

snmpwalk

* `snmpwalk -v2c -c public <IP>`

onesixtyone

* `onesixtyone -c /opt/useful/SecLists/Discovery/SNMP/snmp.txt <IP>`

braa

* `braa <community string>@<IP>:.1.3.6.*`