Recently I wrote an article on cisco-ocs from Backtrack Linux and provided examples of what it did as well as a bug where if a higher privilege was provided to the vty ports it would note the router was not vulnerable. In that scenario the router was even more vulnerable because the initial login provides enable privileges. Anyhow fast forward five days and the developer, known by OverIP, reached out to me to get more details so he could fix the bug and discuss expanding Cisco OCS’s capabilities. I am happy to announce Cisco OCS version 0.2 which fixes the bug mentioned in the previous article. More details are provided below as well as information about possible future releases.
The cisco-ocs application available in the Backtrack menu ( Backtrack > Vulnerability Assessment > Network Assessment > Cisco Tools ) is also known as cisco-ocs Mass Scanner. This tool provides a single function which is to scan large ranges of IP’s looking for Cisco devices or really any device listening on TCP port 23, attempts to login using telnet with a password of cisco, then passes the enable command to the Cisco router if its able to login via telnet, uses cisco again for the enable password, and finally reports a success if its able to get to the enable prompt using these exact steps. Unfortunately this is the only function of the tool as you cannot specify a wordlist of passwords to attempt or for that matter you cannot set anything accept for the range of IP addresses to scan. Below we should a couple examples of the Cisco-OCS Mass Scanner working on Backtrack 5 R3.
merge-router-config – Backtrack 5 – Vulnerability Assessment – Network Assessment – Cisco Tools – merge-router-config
The merge-router-config menu item in Backtrack Linux, which is located in the Backtrack Menu ( Backtrack > Vulnerability Assessment > Network Assessment > Cisco Tools ), allows you to make changes to a Cisco router configuration file and merge those changes to a Cisco router. You should be extremely careful with this script as it will make changes to the target Cisco router. Below we describe the tool in more detail and show examples of merging a router configuration file to a Cisco 861 router.
copy-router-config – Backtrack 5 – Vulnerability Assessment – Network Assessment – Cisco Tools – copy-router-config
The copy-router-config menu item, which is located in the Backtrack menu (Backtrack > Vulnerability Assessment > Network Assessment > Cisco Tools), is a handy little Perl script put together by Muts himself. Once you click on the menu item it will launch a terminal window in the /pentest/cisco/copy-router-config directory so you will have direct access to the 35 line Perl script which servers a single purpose. That purpose is to copy an entire router configuration file from a Cisco device if you have a RW (read/write) community string for the router.