The identification of the SNMP community string can yield a wealth of information about the wireless device and potentially a way to change the configuration via the 'write' community string. In this section, we will use a tool, onesixtyone, included in Kali to attempt to brute force these community strings. Of course, in order to use this tool, you will need to be able to reach the administrative interface of the access point or wireless router. You will not be able to accomplish this without first being connected to the wired or wireless network hosted by the AP. Follow these steps:
#wget https://raw.githubusercontent.com/rustyrobot/fuzzdb/blob/master/wordlists-misc/wordlist-common-snmp-community-strings.txt
Rename the downloaded wordlist to the strings.txt file and add the host you will be brute forcing to a hosts.lst file:
#echo 192.168.0.254 >> hosts.lst
#mv wordlist-common-snmp-community-strings.txt strings.txt
Run onesixtyone with the parameters, as stated in the following table:
| Parameter | Description |
|---|---|
| -c | Filename that contains the community string values to test |
| -i | Input of the filename that contains the list of hosts to test |
| -o | Output file to log the results |
This will run through all of the community strings in the file you specified against the host or hosts in the hosts.lst file. The log.txt file will indicate any information that is returned from the device and any matching community strings.
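The defensive counterpart to this test is to check your own SNMP configuration against the same strings.txt wordlist. The following is an added example, not part of the original text: it assumes an agent configured with net-snmp style `rocommunity`/`rwcommunity` lines, and the function name `audit_snmp_communities` and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag configured SNMP communities that a wordlist run would find.
# Assumption: net-snmp style directives "rocommunity|rwcommunity COMMUNITY [SOURCE]".
# audit_snmp_communities is a hypothetical helper name, not part of any tool.
audit_snmp_communities() {
    conf=$1; wordlist=$2
    awk '
        # First file: load every wordlist entry into a lookup table.
        FILENAME == ARGV[1] { sub(/\r$/, ""); if ($0 != "") guessable[$0] = 1; next }
        # Second file: strip comments, then inspect community directives.
        { sub(/#.*/, "") }
        $1 ~ /^r[ow]community6?$/ && NF >= 2 {
            access = ($1 ~ /^rw/) ? "write" : "read"
            src = (NF >= 3) ? $3 : "default"   # "default" accepts any source
            if ($2 in guessable)
                printf "GUESSABLE %s community \"%s\" (line %d)\n", access, $2, FNR
            else if (access == "write" && src == "default")
                printf "OPEN-WRITE community \"%s\" has no source restriction (line %d)\n", $2, FNR
        }
    ' "$wordlist" "$conf"
}

# Constructed sample data so the example runs offline.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

cat > "$demo_dir/strings.txt" <<'EOF'
public
private
admin
EOF

cat > "$demo_dir/snmpd.conf" <<'EOF'
# constructed sample configuration
rocommunity public
rwcommunity private 192.168.0.10
rocommunity Zq7-monitoring-41 192.168.0.0/24
rwcommunity N0t-in-list
EOF

audit_snmp_communities "$demo_dir/snmpd.conf" "$demo_dir/strings.txt"
```

Any GUESSABLE line is a string the brute-force run above would recover; a guessable write community is the more serious finding because it allows configuration changes.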