Thread: user access to switch

  1. #1
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    17

    I have unauthenticated user access to a Cisco public switch facing the Internet. What risk does this present to a company? What would you do with this access? Mainly info gathering? My networking kung fu is lacking. I am more a Windows kind of guy.

    I have this access via telnet.

  2. #2
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    What you are doing sounds illegal.

  3. #3
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Quote Originally Posted by humbleman View Post
    I have unauthenticated user access to a Cisco public switch facing the Internet. What risk does this present to a company? What would you do with this access? Mainly info gathering? My networking kung fu is lacking. I am more a Windows kind of guy.
    I would keep well away from it, who knows it could be part of a honeypot.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  4. #4
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    17

    Sorry. I should have told you that it is my company's public switch. I am doing an external pentest for my company and found it.

  5. #5
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Quote Originally Posted by humbleman View Post
    Sorry. I should have told you that it is my company's public switch. I am doing an external pentest for my company and found it.
    So tell your company's IT guy to fix it.

  6. #6
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    Quote Originally Posted by humbleman View Post
    My networking kung fu is lacking. I am more a Windows kind of guy.
    Quote Originally Posted by humbleman View Post
    Sorry. I should have told you that it is my company's public switch. I am doing an external pentest for my company and found it.
    I doubt your company hired you to do a legal external pentest on your live network, especially if you aren't experienced with networking. You could potentially bring down the company's internet or DoS it. Sorry, I just don't buy it.

  7. #7
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    17

    Well. I can understand you don't believe, but it is true. I work for one of those financial firms that was hit hard by the foreclosures. We have no money to spend on external consultants and I am the best they got right now. We usually bring in Symantec, but cannot afford it. We are still regulated and have to do the pentest for the feds review. They gave me SANS training and I got certified. I told him you just cannot take me to training and bam... I am a pen tester. Either they didn't believe it or they had no other choice. Anyway... here I am... I can understand if you won't help... at least tell me a risk level... like low, medium or high. Thanks. I cannot guess the enable password.

  8. #8
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    We are still regulated and have to do the pentest for the feds review. They gave me SANS training and I got certified. I told him you just cannot take me to training and bam... I am a pen tester. Either they didn't believe it or they had no other choice. Anyway... here I am... I can understand if you won't help... at least tell me a risk level... like low, medium or high. Thanks. I cannot guess the enable password.
    Are you following some sort of pentest methodology framework?

    This link has some good links to these resources: http://forums.remote-exploit.org/new...n-testing.html

  9. #9
    Just burned his ISO
    Join Date
    Jul 2009
    Posts
    17

    Yes. I have some good resources from the SANS training and have visited most of those sites you referred me to in the link. I have been researching for a couple days as well, but today is the last day and I have not gotten anywhere. I thought it would be faster to ask on a discussion forum to get some quick answers or hints about where to go from here. I looked at the arp and found I scanned the hosts my company manages. I looked at the VLANs and interfaces and logs. Info gathering really. I looked at securityfocus and there are no exploits for the IOS version running. I just wanted to make sure I didn't miss a big hole. Any non referenced help would be appreciated. Thanks.

    How about a more specific question. In Hydra, when I choose the "cisco" protocol... what is that trying to guess? The cisco-enable I know and well. Not getting anywhere as three attempts and disconnect.

    Nevermind... I found the readme file for Hydra and it describes it.

  10. #10
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    If supposedly you work for the company and are the only resource available for the work, why are you bothering trying to run Hydra against it? There are only two outcomes here.

    1) You'll prove that using Hydra and some lame dictionary you were unable to brute force it. In which case the company will probably leave telnet administration of the device exposed externally and get owned by someone with greater skills and resources than you.
    OR
    2) You'll waste time breaking it with Hydra, and tell them that telnet administration of the device should not be available externally. Which is what should happen whether you can figure out how to use Hydra or not.

    Exposure of an administrative interface over a clear text protocol (telnet) should be considered a high.
    a) They should use ssh (it's encrypted).
    b) The administrative interface shouldn't even be exposed to the public.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
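
Added example, not part of the thread or any poster's words: a small audit of a saved IOS running-config that reports the findings named in post #10 (telnet permitted on the vty lines, management not restricted by source) plus the unauthenticated login from post #1. The sample configs and the ACL name `MGMT-ONLY` are constructed, and the script assumes telnet is accepted when a vty stanza has no explicit `transport input`.

```python
import re

# Constructed sample running-config fragments (not taken from the thread).
WEAK = """\
line con 0
line vty 0 4
 no login
 transport input telnet
line vty 5 15
 login local
"""

HARDENED = """\
line vty 0 15
 access-class MGMT-ONLY in
 login local
 transport input ssh
"""

def audit_vty(config):
    """Return (stanza, finding) tuples for every 'line vty' block."""
    findings = []
    stanza, body = None, []

    def flush():
        if stanza is None or not stanza.startswith("line vty"):
            return
        transport = next((l.split()[2:] for l in body
                          if l.startswith("transport input")), None)
        # Assumption: with no explicit 'transport input', telnet is accepted
        # (the default on older IOS releases).
        if transport is None or {"telnet", "all"} & set(transport):
            findings.append((stanza, "telnet permitted"))
        if "no login" in body:
            findings.append((stanza, "no authentication"))
        if not any(re.match(r"access-class \S+ in", l) for l in body):
            findings.append((stanza, "no source restriction"))

    for raw in config.splitlines():
        if raw and not raw[0].isspace():   # unindented line starts a new stanza
            flush()
            stanza, body = raw.strip(), []
        elif raw.strip():
            body.append(raw.strip())
    flush()
    return findings
```

Running `audit_vty` over the output of `show running-config` saved to a file gives the report evidence for the finding without any password guessing against the live device.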
