Information Security

cisco-auditing-tool – Backtrack 5 – Vulnerability Assessment – Network Assessment – Cisco Tools – cisco-auditing-tool

The cisco-auditing-tool located in the Backtrack menu ( Backtrack > Vulnerability Assessment > Network Assessment > Cisco Tools ) is written in Perl and accomplishes three tasks which include attempting to brute force the telnet password on a Cisco device if telnet is running, attempting to show the iOS history on the Cisco device using a vulnerability which I believe is from the late 90’s, and attempting to brute force the SNMP community strings for the device. The tool is fairly outdated as most Cisco devices in corporate networks should now be using SSH and it would seem surprising unless you are doing an internal audit if SNMP was exposed for any Cisco devices still in service. That being said there is definitely still value if you have a ton of Cisco devices to audit you can feed a list of IP’s or hostnames into the script and check basic SNMP community strings and telnet passwords.

Information Security

merge-router-config – Backtrack 5 – Vulnerability Assessment – Network Assessment – Cisco Tools – merge-router-config

The merge-router-config menu item in Backtrack Linux, which is located in the Backtrack Menu ( Backtrack > Vulnerability Assessment > Network Assessment > Cisco Tools ), allows you to make changes to a Cisco router configuration file and merge those changes to a Cisco router. You should be extremely careful with this script as it will make changes to the target Cisco router. Below we describe the tool in more detail and show examples of merging a router configuration file to a Cisco 861 router.

Information Security

copy-router-config – Backtrack 5 – Vulnerability Assessment – Network Assessment – Cisco Tools – copy-router-config

The copy-router-config menu item, which is located in the Backtrack menu (Backtrack > Vulnerability Assessment > Network Assessment > Cisco Tools), is a handy little Perl script put together by Muts himself. Once you click on the menu item it will launch a terminal window in the /pentest/cisco/copy-router-config directory so you will have direct access to the 35 line Perl script which servers a single purpose. That purpose is to copy an entire router configuration file from a Cisco device if you have a RW (read/write) community string for the router.

Information Security

snmpcheck – Backtrack 5 – Information Gathering – Network Analysis – SNMP Analysis – snmpcheck

SNMP can be a hidden gem that seems to be overlooked sometimes during penetration testing. It is really cool the information you can obtain just using snmpwalk from the command line however the information can be lengthy and unless you are an SNMP OID library or feel like googling a bunch of different stuff it really helps to have tools such as snmpcheck available. Below we describe what snmpcheck, which is written in Perl, will accomplish for you and we also provide a couple of examples against Ubuntu and a Cisco router.

Technology Insights

Use Nagios To Check Process Size And Provide Alerts Based on Process Megabyte Size

Nagios is an awesome open source application that provides a way to monitor pretty much anything that you can think of on your network. There are tons of plugins written for Nagios that will monitor anything from PostgreSQL database size to the number of users logged into a server. Today I needed to start monitoring the size of a Ruby process that has been growing out of hand so the below is what I came up with being the best solution. Follow the directions below to deploy a Perl script that will use SNMP to retrieve Linux server process size.