Information Security

cisco-auditing-tool – Backtrack 5 – Vulnerability Assessment – Network Assessment – Cisco Tools – cisco-auditing-tool

The cisco-auditing-tool located in the Backtrack menu ( Backtrack > Vulnerability Assessment > Network Assessment > Cisco Tools ) is written in Perl and accomplishes three tasks which include attempting to brute force the telnet password on a Cisco device if telnet is running, attempting to show the iOS history on the Cisco device using a vulnerability which I believe is from the late 90’s, and attempting to brute force the SNMP community strings for the device. The tool is fairly outdated as most Cisco devices in corporate networks should now be using SSH and it would seem surprising unless you are doing an internal audit if SNMP was exposed for any Cisco devices still in service. That being said there is definitely still value if you have a ton of Cisco devices to audit you can feed a list of IP’s or hostnames into the script and check basic SNMP community strings and telnet passwords.

Code Snippets

Backtrack cisco-auditing-tool Additional Enable Password Confirmation Added

When using the cisco-auditing-tool script located in the Backtrack Linux menu ( Backtrack > Vulnerability Assessment > Network Assessment > Cisco Tools ) I was getting an error even though I was sure one of the passwords I had in the wordlist was accurate. After some troubleshooting I was able to figure out that the script checked for a non-privileged account on the Cisco device but if the account was actually a privileged account which is also known as an enable account it would crash because it never received the response it expected. I added a couple lines of code and now the cisco-auditing-tool Perl script will provide confirmation of lower level accounts on a Cisco device as well as enable level accounts on a Cisco device. Below I describe the error message output when the cisco-auditing-tool Perl script was crashing followed by the code update to provide Cisco enable level password auditing.

Information Security

merge-router-config – Backtrack 5 – Vulnerability Assessment – Network Assessment – Cisco Tools – merge-router-config

The merge-router-config menu item in Backtrack Linux, which is located in the Backtrack Menu ( Backtrack > Vulnerability Assessment > Network Assessment > Cisco Tools ), allows you to make changes to a Cisco router configuration file and merge those changes to a Cisco router. You should be extremely careful with this script as it will make changes to the target Cisco router. Below we describe the tool in more detail and show examples of merging a router configuration file to a Cisco 861 router.

Information Security

copy-router-config – Backtrack 5 – Vulnerability Assessment – Network Assessment – Cisco Tools – copy-router-config

The copy-router-config menu item, which is located in the Backtrack menu (Backtrack > Vulnerability Assessment > Network Assessment > Cisco Tools), is a handy little Perl script put together by Muts himself. Once you click on the menu item it will launch a terminal window in the /pentest/cisco/copy-router-config directory so you will have direct access to the 35 line Perl script which servers a single purpose. That purpose is to copy an entire router configuration file from a Cisco device if you have a RW (read/write) community string for the router.

Information Security

snmpcheck – Backtrack 5 – Information Gathering – Network Analysis – SNMP Analysis – snmpcheck

WordPress database error: [Can't create/write to file '/tmp/#sql_41b_0.MYI' (Errcode: 28)]
SHOW FULL COLUMNS FROM `qd_db_prli_links`

SNMP can be a hidden gem that seems to be overlooked sometimes during penetration testing. It is really cool the information you can obtain just using snmpwalk from the command line however the information can be lengthy and unless you are an SNMP OID library or feel like googling a bunch of different stuff it really helps to have tools such as snmpcheck available. Below we describe what snmpcheck, which is written in Perl, will accomplish for you and we also provide a couple of examples against Ubuntu and a Cisco router.