RE: Pen testing Cisco 4700, and 6509 series

From: sherwyn williams (s-williams@nyc.rr.com)
Date: Wed May 10 2006 - 14:29:25 EDT

• Next message: Erin Carroll: "The quest for ring 0"
• Previous message: sherwyn williams: "RE: Secure Surfing"
• In reply to: intel96: "Re: Pen testing Cisco 4700, and 6509 series"
• Next in thread: Roman Shirokov: "Re: Sniff telnet connections"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

For starters thanks for all help so far, I did telnet to port 23 on both
routers and there is only a password prompt. As far as brute forcing would
you suggest hydra, and if so how long would the time be on an average for
multiple bad password tries before the interface is shutdown.

-----Original Message-----
From: intel96 [mailto:intel96@bellsouth.net]
Sent: Monday, May 08, 2006 11:07 AM
To: sherwyn williams
Cc: pen-test@securityfocus.com
Subject: Re: Pen testing Cisco 4700, and 6509 series

Sherwyn,

You must have gotten through the wireless networks that you were
checking 3 weeks back since you move into network devices ;)

For these new devices have you tried the following:

Telnet to both devices on port 23. Do they only have a password
prompt? If so, you can try to brute force the login. If they have a
username and password prompt forget the brute force unless you know the
username for the device, which is not standard name.

Have you tried to connect to the web management interfaces (could be
disabled) for these devices?

If SNMP is enabled for management have you tried basic names like
public, private and clientname to see if you can connect to the
devices? You could try to brute the SNMP R/W string, but if the
devices have an ACL for those connections try something else.

Depending on your access-level to the network have you tried to sniff
the clear text password for the device when it is being managed?

If the device is running an old version of IOS you may be able to find a
published vulnerability for that version. Use nmap to guess the IOS.

Do you have physical access to these device? If so, have you tried to
attached a console cable to see if a password has been set for local
management?

You could also leap-frog from a compromised trusted system in the main
network to these device. If this is part on an approved vulnerability
test than I would normally attack the management station(s) used by the
network admins, which may have vulnerabilities.

Intel96

 sherwyn williams wrote:
> Hello all,
>
> I know there like tons of tools out there to pent test Cisco equipment,
but
> what might be the best ones for the 4700, and 6509 series. This is from a
> local intranet prospectus.
>
>
>
----------------------------------------------------------------------------

--
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security? 
> Why not go with the #1 solution - Cenzic, the only one to win the
Analyst's 
> Choice Award from eWeek. As attacks through web applications continue to
rise, 
> you need to proactively protect your applications from hackers. Cenzic has
the 
> most comprehensive solutions to meet your application security penetration
> testing and vulnerability management needs. You have an option to go with
a 
> managed service (Cenzic ClickToSecure) or an enterprise software 
> (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
> help you: http://www.cenzic.com/news_events/wpappsec.php 
> And, now for a limited time we can do a FREE audit for you to confirm your
> results from other product. Contact us at request@cenzic.com for details.
>
----------------------------------------------------------------------------
--
>
>
>   
----------------------------------------------------------------------------
--
This List Sponsored by: Cenzic
Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to
rise, 
you need to proactively protect your applications from hackers. Cenzic has
the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request@cenzic.com for details.
----------------------------------------------------------------------------
--
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------

• Next message: Erin Carroll: "The quest for ring 0"
• Previous message: sherwyn williams: "RE: Secure Surfing"
• In reply to: intel96: "Re: Pen testing Cisco 4700, and 6509 series"
• Next in thread: Roman Shirokov: "Re: Sniff telnet connections"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:55 EDT