The cisco-ocs application available in the Backtrack menu ( Backtrack > Vulnerability Assessment > Network Assessment > Cisco Tools ) is also known as cisco-ocs Mass Scanner. This tool provides a single function which is to scan large ranges of IP’s looking for Cisco devices or really any device listening on TCP port 23, attempts to login using telnet with a password of cisco, then passes the enable command to the Cisco router if its able to login via telnet, uses cisco again for the enable password, and finally reports a success if its able to get to the enable prompt using these exact steps. Unfortunately this is the only function of the tool as you cannot specify a wordlist of passwords to attempt or for that matter you cannot set anything accept for the range of IP addresses to scan. Below we should a couple examples of the Cisco-OCS Mass Scanner working on Backtrack 5 R3.
cisco-auditing-tool – Backtrack 5 – Vulnerability Assessment – Network Assessment – Cisco Tools – cisco-auditing-tool
The cisco-auditing-tool located in the Backtrack menu ( Backtrack > Vulnerability Assessment > Network Assessment > Cisco Tools ) is written in Perl and accomplishes three tasks which include attempting to brute force the telnet password on a Cisco device if telnet is running, attempting to show the iOS history on the Cisco device using a vulnerability which I believe is from the late 90’s, and attempting to brute force the SNMP community strings for the device. The tool is fairly outdated as most Cisco devices in corporate networks should now be using SSH and it would seem surprising unless you are doing an internal audit if SNMP was exposed for any Cisco devices still in service. That being said there is definitely still value if you have a ton of Cisco devices to audit you can feed a list of IP’s or hostnames into the script and check basic SNMP community strings and telnet passwords.
merge-router-config – Backtrack 5 – Vulnerability Assessment – Network Assessment – Cisco Tools – merge-router-config
The merge-router-config menu item in Backtrack Linux, which is located in the Backtrack Menu ( Backtrack > Vulnerability Assessment > Network Assessment > Cisco Tools ), allows you to make changes to a Cisco router configuration file and merge those changes to a Cisco router. You should be extremely careful with this script as it will make changes to the target Cisco router. Below we describe the tool in more detail and show examples of merging a router configuration file to a Cisco 861 router.
copy-router-config – Backtrack 5 – Vulnerability Assessment – Network Assessment – Cisco Tools – copy-router-config
The copy-router-config menu item, which is located in the Backtrack menu (Backtrack > Vulnerability Assessment > Network Assessment > Cisco Tools), is a handy little Perl script put together by Muts himself. Once you click on the menu item it will launch a terminal window in the /pentest/cisco/copy-router-config directory so you will have direct access to the 35 line Perl script which servers a single purpose. That purpose is to copy an entire router configuration file from a Cisco device if you have a RW (read/write) community string for the router.
The asp-auditor application located in Backtrack 5 R3 is fairly outdated but it still does a good job of finger printing ASP servers but the vulnerabilities that it may locate link to articles that no longer exist on the developers personal web site. Below we show two examples where asp-auditor, which is written in Perl, is run against a older Microsoft IIS web server running an ASP web site and a newer Microsoft IIS web server running an ASP web site. If your only goal is determining the IIS version and other basic ASP information then the tool could be useful.