.

Crack cisco router 3560

<<

manju_salian

User avatar

Jr. Member
Jr. Member

Posts: 89

Joined: Mon Apr 09, 2007 1:31 am

Post Thu Mar 06, 2008 11:12 pm

Crack cisco router 3560

Hi,
  Need a help. Is there any tool to crack the password of cisco switches 3560 without disturbing the service or restarting the same.

Thanks in Advance ???
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Fri Mar 07, 2008 4:18 am

Re: Crack cisco router 3560

hack_80,

depends how much information you can get. If you have a copy of the current config then you may be able to crack the password hash depending on the encryption used/IOS version, of course you may be able to just read the password in plaintext depending on config commands also.

Failing that, as far as I know it's password reset time, which will definitely interrupt the service and depending on model (I'm not familiar with the 3500 series) may wipe the config.

Hopefully you can get more specific info from someone with hands on experience of the 3560.
<<

slimjim100

User avatar

EH-Net Columnist
EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Fri Mar 07, 2008 4:53 am

Re: Crack cisco router 3560

Do you know if it is running SNMP? If it is can you get access to the lan to sniff traffic? If you said yes to both of the above and it's running IOS and not Catos it is very possible you could Man in the middle attack the lan with Cain & Able. Once your APR Poisoning you just capture the SNMP string and use Cains CCDU (Cisco Config Download Utility) to SNMP pull the running config. Once you have the config you can get the plain-text or Cisco type 7 encrypted password (type 7 password can also be decrypted with Cain). This is just one more reason to make Chicagocon as I am going to be presenting all kinds of fun things you can do with Cain & Able!

Answer to your question yes it is possible to force a Cisco Router or switch to give you it's config with out turning it off or stopping traffic. It all depends on how it was setup and if it is running SNMP.

Brian
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Fri Mar 07, 2008 7:09 am

Re: Crack cisco router 3560

Hack_80,

hadn't thought about the method Brian suggested. If it does work I'd suggest disabling (or at least changing) the SNMP community with right access as you can definitely have some 'fun' via this route.

Brian,

I'm unable to make ChicagoCon (Wrong side of the pond). Do you know if you talk/slides or anyother from the event will be available online for us unfortunate people that cannot make it?

I've looked at Cain&Able before but haven't had reason/knowledge to use it in the realworld, might need to give it another look now.
<<

slimjim100

User avatar

EH-Net Columnist
EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Fri Mar 07, 2008 12:17 pm

Re: Crack cisco router 3560

The Audio from my presentation at Chicagocon last year on Cain & Able is on the site and my power point is too but I skipped the power point and did a live demo. I plan to do another live demo this year and maybe if don can get some form of video for the con we can have that also. I have some of my videos on www.anti-hacker.info which have some of the basics of Cain & Able with a few other tools I like using.

There are many ways manage a Cisco device and if setup correctly 90% of the hacks will not work. But in my experience most routers are not setup with security in mind as the engineers think the firewall will save them and this leaves many holes that need to be patched.

Brian
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
<<

Mr. Roboto

User avatar

Jr. Member
Jr. Member

Posts: 67

Joined: Thu Feb 14, 2008 9:57 am

Location: Ohio

Post Fri Mar 07, 2008 12:18 pm

Re: Crack cisco router 3560

Brian,

Do you know if Cisco is moving away from the CatOS?  I'd heard this some time ago from one of the router guys I work with.
A+, Security+, HDI Support Center Analyst, MCTS: Vista
<<

slimjim100

User avatar

EH-Net Columnist
EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Fri Mar 07, 2008 12:32 pm

Re: Crack cisco router 3560

Yes they are trying to get everything onto IOS and there are some switches/routers that will run in hybrid mode of both IOS and CatOS. I am one of the few that likes CatOS for basic switching & VLANs. I mean it is so much faster to configure and by default has alot less bloated and fewer security holes. Remember with all the extra features you want in that IOS version they might also come with the cost of possible holes.

Brian
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
<<

shawal

Jr. Member
Jr. Member

Posts: 88

Joined: Mon Mar 10, 2008 1:24 pm

Post Mon Mar 10, 2008 3:26 pm

Re: Crack cisco router 3560

SlimJim100,

Would that be safe to apply to other switches Foundery, Extereme, Procurve, ..etc or they have different password algorithms, how about thier config files, how easy is to get a switch config file? thanks for the videos hint I am always fascinated by Cain & Able, don't know why it is not open source yet?
RHCE, GIAC GCIH.
<<

slimjim100

User avatar

EH-Net Columnist
EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Mon Mar 10, 2008 5:56 pm

Re: Crack cisco router 3560

From my experience just about all manageable switches have SNMP weaknesses  (normally just sniffing finds the write string) it's just finding the vendor OID to dump the config file. BTW most vendors use the Cisco type 7 encryption so you can crack the password the same way. If it is not a Cisco type 7 encrypted password then you can expect it to be MD5 and thats where you rainbow tables come in to crack it with or without Cain & Able.

At the end of the day if you configure you routers and switches correctly with all there security features 90% of the back-door cracks and weaknesses will be sealed up. ACL's are you friend so learn how to apply them correctly.

Brian
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
<<

shawal

Jr. Member
Jr. Member

Posts: 88

Joined: Mon Mar 10, 2008 1:24 pm

Post Tue Mar 11, 2008 12:26 am

Re: Crack cisco router 3560

Thanks SlimJim100,
so from what you saying is that switch password algorithms do not use salt, and rainbow tables would work on them, is there any other limitation for switch passwords other than that?

W.
RHCE, GIAC GCIH.
<<

slimjim100

User avatar

EH-Net Columnist
EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Tue Mar 11, 2008 3:25 am

Re: Crack cisco router 3560

I have not seen any switches that use a salted MD5 but even if it did you could still brutefocre or dictionary attack it since most network engineers or Lan admins do not think to make network device passwords too hard and in many cases it's the same passwords to all switches or routers since laziness is easer than common security sense. I would also look to find the vendor documents on the device as default passwords do not always get changed.


Brian
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software