Recently I wrote an article on cisco-ocs from Backtrack Linux and provided examples of what it did, as well as a bug where, if a higher privilege was provided to the vty ports, it would note the router was not vulnerable. In that scenario the router was even more vulnerable because the initial login provides enable privileges. Anyhow, fast forward five days and the developer, known as OverIP, reached out to me to get more details so he could fix the bug and discuss expanding Cisco OCS’s capabilities. I am happy to announce Cisco OCS version 0.2, which fixes the bug mentioned in the previous article. More details are provided below, as well as information about possible future releases.
merge-router-config – Backtrack 5 – Vulnerability Assessment – Network Assessment – Cisco Tools – merge-router-config
The merge-router-config menu item in Backtrack Linux, which is located in the Backtrack menu (Backtrack > Vulnerability Assessment > Network Assessment > Cisco Tools), allows you to make changes to a Cisco router configuration file and merge those changes to a Cisco router. You should be extremely careful with this script as it will make changes to the target Cisco router. Below we describe the tool in more detail and show examples of merging a router configuration file to a Cisco 861 router.
copy-router-config – Backtrack 5 – Vulnerability Assessment – Network Assessment – Cisco Tools – copy-router-config
The copy-router-config menu item, which is located in the Backtrack menu (Backtrack > Vulnerability Assessment > Network Assessment > Cisco Tools), is a handy little Perl script put together by Muts himself. Once you click on the menu item, it will launch a terminal window in the /pentest/cisco/copy-router-config directory so you will have direct access to the 35-line Perl script, which serves a single purpose. That purpose is to copy an entire router configuration file from a Cisco device if you have a RW (read/write) community string for the router.
SNMP can be a hidden gem that is sometimes overlooked during penetration testing. It is really cool how much information you can obtain just by using snmpwalk from the command line; however, the output can be lengthy, and unless you are an SNMP OID library or feel like googling a bunch of different stuff, it really helps to have tools such as snmpcheck available. Below we describe what snmpcheck, which is written in Perl, will accomplish for you, and we also provide a couple of examples against Ubuntu and a Cisco router.
I recently ordered one of the newer Asus routers just to stay up on the wifi world and I decided on the RT-N16. I normally like open-wrt firmware; however, it's still listed as a work in progress for this router. This left me with 2 options, Tomato firmware and DD-WRT firmware. For the first run I decided on DD-WRT. Below I will outline the relatively simple steps to get up and running with dd-wrt on the n16.