You want to retrieve the Cisco configuration from the router. How would you proceed?

The network administrator at Spears Technology, Inc has configured the default gateway Cisco router’s access-list as below:

Current configuration : 1206 bytes
!
version 12.3
!
hostname Victim
!
enable secret 5 $1$h2iz$DHYpcqURF0APD2aDuA.YX0
!
interface Ethernet0/0
 ip address dhcp
 ip nat outside
 half-duplex
!
interface Ethernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 half-duplex
!
router rip
 network 192.168.1.0
!
ip nat inside source list 102 interface Ethernet0/0 overload
no ip http server
ip classless
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 102 permit ip any any
!
snmp-server community public RO
snmp-server community private RW 1
snmp-server enable traps tty
!
line con 0
 logging synchronous
 login
line aux 0
line vty 0 4
 password secret
 login
!
!
end

You are hired to conduct security testing on their network. You successfully brute-force the SNMP community string using an SNMP crack tool. The access-list configured at the router prevents you from establishing a successful connection.

You want to retrieve the Cisco configuration from the router. How would you proceed?

A. Run a network sniffer and capture the returned traffic with the configuration file from the router

B. Use the Cisco’s TFTP default password to connect and download the configuration file

C. Send a customized SNMP set request with a spoofed source IP address in the range – 192.168.1.0

D. Run Generic Routing Encapsulation (GRE) tunneling protocol from your computer to the router masking your IP address

Explanation:
SNMP is allowed only by access-list 1. Therefore you need to spoof a 192.168.1.0/24 address and then sniff the reply from the gateway.
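
From the defender's side, the weakness the explanation relies on can be found by auditing the configuration itself. The Python script below is an added example, not part of the original question: it checks an excerpt of the configuration above for default community strings, communities with no ACL, read-write communities protected only by a source-address ACL, and NAT outside interfaces with no inbound ACL. The name audit_snmp and the finding strings are made up for this example, and treating the NAT outside interface as the untrusted side is an assumption.

```python
import re

# Excerpt of the router configuration from the question (SNMP-relevant lines).
CONFIG = """\
interface Ethernet0/0
 ip address dhcp
 ip nat outside
!
interface Ethernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 102 permit ip any any
snmp-server community public RO
snmp-server community private RW 1
"""

# IOS syntax: snmp-server community <string> [view <name>] [ro|rw] [<acl>]
COMMUNITY = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)?(?: (ro|rw))?(?: (\S+))?\s*$", re.I)

def audit_snmp(config):
    """Return (subject, finding) pairs for SNMP exposure in an IOS config."""
    findings, iface, outside, filtered = [], None, [], set()
    for line in config.splitlines():
        if not line.startswith(" "):   # a top-level line ends any interface block
            m = re.match(r"interface (\S+)", line)
            iface = m.group(1) if m else None
        elif iface and line.strip() == "ip nat outside":
            outside.append(iface)      # assumption: NAT outside = untrusted side
        elif iface and re.match(r"ip access-group \S+ in\b", line.strip()):
            filtered.add(iface)
        m = COMMUNITY.match(line)
        if not m:
            continue
        name, mode, acl = m.group(1), (m.group(2) or "ro").lower(), m.group(3)
        if name.lower() in ("public", "private"):
            findings.append((name, "default community string"))
        if acl is None:
            findings.append((name, "no source ACL"))
        elif mode == "rw":
            # SNMPv1/v2c runs over UDP: the source address the ACL checks is unverified.
            findings.append((name, "read-write guarded only by source ACL " + acl))
    for name in outside:
        if name not in filtered:
            findings.append((name, "no inbound ACL to drop spoofed inside addresses"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit_snmp(CONFIG):
        print(f"{subject}: {finding}")
```

Findings of this kind are usually addressed by removing the read-write community or moving to SNMPv3 with authentication, and by dropping packets that arrive on the outside interface with inside-range source addresses.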


