Vulnerability Development mailing list archives
Re: news story and router passwords
From: Lincoln Yeoh <lyeoh () POP JARING MY>
Date: Sun, 15 Oct 2000 15:10:28 +0800
At 02:41 PM 10/14/00 -0700, Mark Teicher wrote:
interactive scripts but one still needs to have a password at that level. What I was stating earlier that using SNMP one does not necessarily need a password to gain access to a particular router :)
I don't know much about SNMP ( just a tiny bit ), but once when I was going through a ciscoworks course years back I found an interesting feature with the cisco routers we were playing with. IF you can upload a config file to the router via SNMP, you can actually execute arbitrary console style commands using SNMP as well. All you need to do is put stuff like this at the end of the config file: ! end of real config or blank config ! exit ping a.b.c.d telnet a.b.c.d I can't remember if you can send further stuff in a telnet session. It's not a security problem since if you can configure the router you can get in anyway, but I was thinking of it more as an interesting feature, which might be potentially useful in certain cases - telnet not allowed, but snmp is, and you need to do some command line stuff. Maybe a "no debug all" snmp script can be useful for the times some wiseguy turns full debugging on with debug to console (and not log server). This seems to imply that the way Cisco did the snmp config upload on those routers was by piping the contents to something like a vty after a config term. Not sure if they still do that - anyone want to try? Cheerio, Link.
Current thread:
- Re: news story and router passwords, (continued)
- Re: news story and router passwords Talisker (Oct 16)
- Re: news story and router passwords Mark Teicher (Oct 16)
- Re: news story and router passwords none none (Oct 12)
- Re: news story and router passwords Mr Rufus Faloofus (Oct 12)
- Re: news story and router passwords Vitaly McLain (Oct 13)
- Re: news story and router passwords bugtraq (Oct 13)
- Re: news story and router passwords antirez (Oct 14)
- Re: news story and router passwords Bluefish (P.Magnusson) (Oct 14)
- Re: news story and router passwords bug tracker (Oct 14)
- Re: news story and router passwords Mark Teicher (Oct 14)
- Re: news story and router passwords Lincoln Yeoh (Oct 15)
- Re: news story and router passwords Mark Teicher (Oct 14)