Wednesday, February 15, 2012

Cisco Design Guide

Main Design Site

College

LAN Guide
http://www.cisco.com/en/US/docs/solutions/Enterprise/Education/CCVE_DepGd/ccve_sba_LAN_DepGd.pdf

WAN Guide
http://www.cisco.com/en/US/docs/solutions/Enterprise/Education/CCVE_DepGd/ccve_sba_WAN_DepGd.pdf

Friday, February 10, 2012

Hacking Cisco with SNMP

Being able to evaluate the strength of a customer's infrastructure is a very important part of a penetration test. Many pen testers limit their tests by overlooking the SNMP protocol and the devices that use it. With a successful discovery of SNMP Community Strings you can go as far as to reconfigure a device for remote access (ssh, telnet, http/https) or set up a SPAN port to sniff internal traffic. Before we start there are a few things you should know about SNMP:

UDP Port 161. Since it's UDP, it's fast.
Community Strings provide either Read or Read-Write permissions. Obviously we prefer RW.
SNMP v1-v2 is clear text. v3 is encrypted.

Here is the usual process taken to attack SNMP and the tools that will help you do it.



1) Obtain Community Strings
-Sniff clear text – in Wireshark, use the filter: udp port 161
-Guessing Community Strings – Onesixtyone, Metasploit (auxiliary/scanner/snmp/snmp_login), snmpblow

2) Setup TFTP Server

3) Identify Updating MIB : snmpwalk

4) Download Device Configs : snmpblow

5) Crack Enable Passwords (salted MD5) : John the Ripper , oclHashcat

6) Modify Config

7) Update Device Config : snmpset

You can see that these steps are pretty straightforward. Have fun experimenting with the tools. I would HIGHLY discourage attacking SNMP in a production environment unless you have thoroughly experimented with the process in a controlled lab.

Copy & Paste From :
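
A defender's check for the weaknesses listed above, as an added example that is not part of the original post: it scans an IOS configuration for v1/v2c community definitions that are guessable, read-write, or not restricted by an ACL. The weak-string list and the sample configuration are constructed for illustration.

```python
import re

# Community strings commonly tried first by guessing tools (constructed short list).
WEAK = {"public", "private", "cisco", "admin", "snmp"}

# IOS syntax: snmp-server community <string> [view <name>] [ro|rw] [<acl>]
# Lines carrying other options are not parsed by this example.
COMMUNITY = re.compile(
    r"^snmp-server community (?P<name>\S+)"
    r"(?: view \S+)?"
    r"(?: (?P<mode>ro|rw))?"
    r"(?: (?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)


def audit_snmp(config: str) -> list[tuple[str, str]]:
    """Return (community, finding) pairs for v1/v2c community definitions."""
    findings = []
    for line in config.splitlines():
        m = COMMUNITY.match(line.strip())
        if not m:
            continue
        name = m["name"]
        mode = (m["mode"] or "ro").upper()  # IOS defaults to read-only
        if name.lower() in WEAK:
            findings.append((name, "guessable community string"))
        if mode == "RW":
            findings.append((name, "read-write access allows config changes"))
        if m["acl"] is None:
            findings.append((name, "no ACL restricting source addresses"))
    return findings


# Constructed sample running-config fragment.
SAMPLE = """\
hostname lab-sw1
snmp-server community public RO
snmp-server community n0c-Wr1te RW
snmp-server community m0n1tor RO 99
access-list 99 permit 192.0.2.10
"""

if __name__ == "__main__":
    for name, finding in audit_snmp(SAMPLE):
        print(f"{name}: {finding}")
```
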

Friday, February 3, 2012

Route Map


Step 1 - define an ACL

Keep in mind that whatever is permitted by this ACL is what will be matched. You don't want to permit everything. Usually, I take advantage of the implicit deny at the bottom of the ACL and just create an ACL that permits what I am going to take action on in the route-map.

So, just create a simple ACL:

Router(config)# access-list 101 permit ip any host 10.1.1.1

This ACL permits only traffic with a destination IP of 10.1.1.1 (the traffic we want to send elsewhere).

Step 2 - create a route-map

To create a route-map, go into route-map configuration mode, like this:

Router(config)# route-map reroute10traffic permit 10

Router(config-route-map)#

Next, set your match policy to match the traffic in ACL 101, like this:

Router(config-route-map)# match ip address 101

This will match all the traffic permitted through ACL 101.

Next, you need to set some action on that traffic. What do you want to happen to that traffic? Let's tell the router to send it out interface Fast Ethernet 3/0, like this:

Router(config-route-map)# set interface Fa3/0

Step 3 - Apply the route-map to the interface

Next, you need to apply this policy/route-map to the interface where the traffic is coming in.

Router(config)# interface FastEthernet 3/0

Router(config-if)# ip policy route-map reroute10traffic

Reference :