Penetration Testing mailing list archives
Re: Pen testing Cisco 4700, and 6509 series
From: intel96 <intel96 () bellsouth net>
Date: Mon, 08 May 2006 11:07:29 -0400
Sherwyn, You must have gotten through the wireless networks that you were checking 3 weeks back since you move into network devices ;) For these new devices have you tried the following: Telnet to both devices on port 23. Do they only have a password prompt? If so, you can try to brute force the login. If they have a username and password prompt forget the brute force unless you know the username for the device, which is not standard name. Have you tried to connect to the web management interfaces (could be disabled) for these devices? If SNMP is enabled for management have you tried basic names like public, private and clientname to see if you can connect to the devices? You could try to brute the SNMP R/W string, but if the devices have an ACL for those connections try something else. Depending on your access-level to the network have you tried to sniff the clear text password for the device when it is being managed? If the device is running an old version of IOS you may be able to find a published vulnerability for that version. Use nmap to guess the IOS. Do you have physical access to these device? If so, have you tried to attached a console cable to see if a password has been set for local management? You could also leap-frog from a compromised trusted system in the main network to these device. If this is part on an approved vulnerability test than I would normally attack the management station(s) used by the network admins, which may have vulnerabilities. Intel96 sherwyn williams wrote:
Hello all, I know there like tons of tools out there to pent test Cisco equipment, but what might be the best ones for the 4700, and 6509 series. This is from a local intranet prospectus. ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- Sniff telnet connections carlopmart (May 03)
- Re: Sniff telnet connections Dan Catalin Vasile (May 04)
- Pen testing Cisco 4700, and 6509 series sherwyn williams (May 07)
- Re: Pen testing Cisco 4700, and 6509 series Ivan . (May 07)
- Re: Pen testing Cisco 4700, and 6509 series Neil Moore (May 08)
- Re: Pen testing Cisco 4700, and 6509 series intel96 (May 08)
- RE: Pen testing Cisco 4700, and 6509 series sherwyn williams (May 10)
- Pen testing Cisco 4700, and 6509 series sherwyn williams (May 07)
- Re: Sniff telnet connections Dan Catalin Vasile (May 04)
- Re: Sniff telnet connections carlopmart (May 04)
- Re: Sniff telnet connections Brooks Garrett (May 07)
- <Possible follow-ups>
- RE: Sniff telnet connections Jarmon, Don R (May 04)
- RE: Sniff telnet connections Dan Catalin Vasile (May 07)
- RE: Sniff telnet connections Lars Troen (May 04)