Sunday, March 18, 2007

Auditing Cisco Routing Protocols

I am very into Cisco research, but I am not very good at writing or finding exploits. What I did was audit the routing protocols that were available. Very sad to say, there isn't any routing protocol available here. Nevertheless, I managed to capture screenshots of what I did. The tool I used was IRPAS from Phenoelit. IRPAS itself has many tools inside, including ASS, CDP, protos, hsrp, etc. I used ASS to test for RIPv1 and RIPv2 and I got nothing. For detailed documentation, you can visit: http://www.phenoelit.de/fr/tools.html

As y'all know, RIPv1 is susceptible to plaintext authentication. If your company is using RIPv1, upgrade it to RIPv2. At least v2 uses an MD5 hash. If you run ASS in an environment where RIPv1 is used, you will discover the passwords during the scans. ASS can be run in both passive and active mode, and only on the internal LAN. Below is what I got from the scans. :((

hAck3rs@cisco:~/ass$ sudo ./ass -i eth0
ASS [Autonomous System Scanner] $Revision: 1.24 $
(c) 2k++ FX
Phenoelit (http://www.phenoelit.de)
IRPAS build XXXIX
passive listen ... (hit Ctrl-C to finish)


>>>Results>>>
*** glibc detected *** double free or corruption (!prev): 0x0805d1d0 ***
Aborted


hAck3rs@cisco:~/ass$ sudo ./ass -i eth0 -vv -A
ASS [Autonomous System Scanner] $Revision: 1.24 $
(c) 2k++ FX
Phenoelit (http://www.phenoelit.de)
IRPAS build XXXIX
Scanning
+ scanning IRDP ...
+ scanning RIPv1 ...
+ scanning RIPv2 ...
+ scanning IGRP ...
+ wainting for EIGRP HELLOs (12s) ...

Continuing capture ... (hit Ctrl-C to finish)

>>>Results>>>
*** glibc detected *** double free or corruption (!prev): 0x0805d1d0 ***
Aborted

The first scan is a passive scan, which listens for RIP updates. The second scan is an active scan: the -A option puts the scanner into active mode and -v makes the output verbose.

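For those of y'all who use RIPv2, you can set the authentication on the interface using:

1. config t
2. interface <interface-name>
3. ip rip authentication key-chain <key-chain-name>
4. ip rip authentication mode md5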
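
A defender-side check for the RIP authentication discussed above, added here as an example and not part of the original post or of IRPAS: it classifies a RIP UDP payload as RIPv1, unauthenticated RIPv2, plaintext or keyed MD5, using the RFC 2453 and RFC 2082 packet layouts. The function name and the sample payloads are constructed for illustration.

```python
import struct

# Authentication types in the first RIPv2 entry (address family 0xFFFF),
# per RFC 2453 (simple password) and RFC 2082 (keyed MD5).
AUTH_TYPES = {2: "plaintext", 3: "md5"}
FINDINGS = {
    "v1": "RIPv1 has no authentication field in its packets",
    "none": "RIPv2 update sent without authentication",
    "plaintext": "password readable on the wire; use mode md5",
    "md5": "keyed MD5 in use",
}

def classify_rip_auth(payload: bytes) -> dict:
    """Classify the authentication of one RIP UDP payload (port 520)."""
    if len(payload) < 4:
        raise ValueError("truncated RIP header")
    command, version, _zero = struct.unpack("!BBH", payload[:4])
    result = {"command": command, "version": version, "auth": "none"}
    entry = payload[4:24]
    if version >= 2 and len(entry) == 20:
        afi, auth_type = struct.unpack("!HH", entry[:4])
        if afi == 0xFFFF:
            result["auth"] = AUTH_TYPES.get(auth_type, f"unknown({auth_type})")
    if result["auth"] == "md5":
        # RFC 2082: digest offset, key ID, auth data length, sequence number
        _off, key_id, _len, seq = struct.unpack("!HBBI", entry[4:12])
        result.update(key_id=key_id, sequence=seq)
    # The plaintext password itself is deliberately never extracted or printed.
    key = "v1" if version == 1 else result["auth"]
    result["finding"] = FINDINGS.get(key, "unrecognised authentication type")
    return result

# Constructed sample payloads (not captured traffic): one route to 10.0.0.0.
def _route(mask: bytes) -> bytes:
    return struct.pack("!HH4s4s4sI", 2, 0, bytes([10, 0, 0, 0]), mask, bytes(4), 1)

HDR_V1, HDR_V2 = struct.pack("!BBH", 2, 1, 0), struct.pack("!BBH", 2, 2, 0)
V2_ROUTE = _route(bytes([255, 0, 0, 0]))
SAMPLES = {
    "ripv1": HDR_V1 + _route(bytes(4)),
    "ripv2_no_auth": HDR_V2 + V2_ROUTE,
    "ripv2_plaintext": HDR_V2 + struct.pack("!HH16s", 0xFFFF, 2, b"constructed-pw") + V2_ROUTE,
    "ripv2_md5": HDR_V2 + struct.pack("!HHHBBI8x", 0xFFFF, 3, 44, 1, 16, 7) + V2_ROUTE
                 + struct.pack("!HH16s", 0xFFFF, 1, bytes(16)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        r = classify_rip_auth(pkt)
        print(f"{name}: auth={r['auth']} -> {r['finding']}")
```
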

In active mode, ASS will send out ICMP type 10 messages to discover IRDP on the network but, sad to say, no implementation of IRDP is seen here, as it is susceptible to DoS attacks.



I found STP!!!!!!! This shows that there is a Cisco switch. Soon, I am going to see if I can make myself the STP root.



Not to mention the OSPF protocol. This protocol has a lot of juicy info. For me, the best tool to gather OSPF info is Wireshark. I am always looking out for backbone area 0, which is the main area that connects all other areas.
