Apparently there are 50,000 "owned" Cisco routers out there. With all the
recent attention around IOS vulnerabilities and "infrastructure security" I scoured the Internet for IOS Exploit and auditing tools. The results were quite surprising, although recent information on this topic seems hard to come by.
Firstly, I found this really interesting
site that has a catalogue of 58 various IOS and PIX exploit and auditing tools for download. Some of the more interesting titles are "Cisco Password revealer", "Default password scanner","Cisco Torch mass scanning, fingerprinting, & exploitation tool", "Brute force utility for Cisco password authentication","Cisco Global Exploiter ","Cisco Configuration Security Auditing Tool","Cisco Systems IOS 11.x UDP echo memory leak remote sniffer","Cisco IOS HTTP Server Vulnerability Scanner " and finally some nefarious sounding programs such as "Cisco Cracker" and "Cisco Nuke".
The attack toolkit, called "CISCO Global Exploiter" seems to be the most downloaded and is available
here. It allows anyone to easily launch attacks exploiting ten known, but older vulnerabilities in CISCO IOS devices. The impact of these vulnerabilities range in scope from causing Denial of Service (DOS), to bypassing authentication, and to malicious code execution on the device. While some of these vulnerabilities are old, the tool significantly lowers the barrier to exploitation, and let us not forget that there is a LOT of old IOS out there. The vulnerabilities that it exploits are:
Cisco 677/678 Telnet Buffer Overflow Vulnerability, Cisco IOS Router Denial of Service Vulnerability, Cisco IOS HTTP Auth Vulnerability, Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability, Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability, Cisco 675 Web Administration Denial of Service Vulnerability, Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability, Cisco IOS Software HTTP Request Denial of Service Vulnerability,CiscoSecure ACS for Windows NT Server Denial of Service Vulnerability, Cisco Catalyst Memory Leak Vulnerability, Cisco CatOS CiscoView HTTP Server Buffer Overflow Vulnerability, Encoding IDS Bypass Vulnerability (UTF), Cisco IOS HTTP Denial of Service Vulnerability.
Then there is a two part SecurityFocus tutorial called "Exploiting Cisco Routers"
Part-1 &
Part-2. It shows step-by-step, with screenshots, how
amazingly simple it is to exploit Cisco routers with the HTTP authorization vulnerability. Really childs play.
Other "interesting sites" that seem very popular for publishing and downloading Cisco exploits are
Getrewted Labs,
Milw0rm , and
HackingSpirits . You can see from these sites that thousands of these exploits have been downloaded already.
Then there is a new book selling on Amazon that will be published in mid December called
Hacking Exposed Cisco Networks . The authors of this book have already published several exploits of new and recent Cisco vulnerabilities on the sites above as part of the research they were conducting in the writing of the book. This is the first book to focus solely on Cisco network hacking, security auditing, and defense issues. Using the proven Hacking Exposed methodology, this book shows you how to locate and patch system vulnerabilities by looking at your Cisco network through the eyes of a hacker. Several thousand books are on order already and this is going to be a highly recommended read for consultants and hackers alike.
The Securiteam site hosts various Cisco IOS testing and auditing tools
:
Cisco IOS HTTP Authorization Exploit Code,
Cisco IOS Heap Exploit Proof of Concept ,Cisco IOS Interface Blocked by IPv4 Packets (Exploit) ,Multiple Cisco Exploit Codes ,Cisco IOS Software keyword parsing vulnerability , Cisco routers vulnerable to information leakageHere is a very popular and highly technical tutorial which "Introduces the reader into the fun land of exploiting a routing device made by Cisco Systems", titled
Burning the bridge : IOS exploits and another titled
A remote Cisco IOS exploitThe most useful and recent tools are available from the Center for Internet Security (CIS) who publish the
IOS Benchmark, Audit Tool, and Configuration Guide . The benchmarks define configuration settings for Cisco IOS and PIX devices. These settings are designed primarily to enhance the security of the device itself. The Router Audit Tool (rat) downloads configurations of devices to be audited (optionally), and then checks them against the settings defined in the benchmark. The Router Security Configuration Guide provides technical guidance intended to help network administrators and security officers improve the security of their networks.
Finally, in addition to the CIS scoring tool and the accompanying benchmark guides, the
National Institute of Standards and Technology maintains a publicly available resource of more than 50 Security Technical Implementation Guides (STIGs) and checklists. Covering a wide variety of platforms, these resources provide a detailed step-by-step approach for implementing and documenting security settings that are the accepted standards of the U.S. government.
If you are in a real "rush" to get something started then see
Lock down IOS & PIX in 10 stepsThis was just the findings after a few hours of browsing the 'Net - it makes one wonder what else is out there...
RELATED TOPICS: Jump to the CiscoGate landing page
CATEGORIES : 1ciscogate, 1exploits, 1tools, 1vulnerability,1ios,1hacking,1best practices