What you are doing sounds illegal.
I have unauthenticated user access to a Cisco puclic switch facing the Internet. What risk does this present to a company? What would you do with this access? Mainly info gathering? My networking kunf fu is lacking. I am more a Windows kind of guy.
I have this access via telnet.
What you are doing sounds illegal.
Sorry. I should have told you that it is my company's public switch. I am doing an external pentest for my company and found it.
Well. I can understand you don't believe, but it is true. I work for one of those finanical firms that was hit hard by the foreclusures. We have no money to spend on external consultants and I am the best they got right now. We usually bring in Symantec, but cannot afford it. We are still regulated and have to do the pentest for the feds review. They gave me SANS training and I got certified. I told him you just cannot take me to training and bam..i am a pen tester. Either they didn't believe it or they had no other choice. Anyway...here I am... I can understand if you won't help...at least tell me a risk level ..like low, medium or high..thanks. i cannot guess the enable password.
Are you following some sort of pentest methodology framework?We are still regulated and have to do the pentest for the feds review. They gave me SANS training and I got certified. I told him you just cannot take me to training and bam..i am a pen tester. Either they didn't believe it or they had no other choice. Anyway...here I am... I can understand if you won't help...at least tell me a risk level ..like low, medium or high..thanks. i cannot guess the enable password.
This link has some good links to these resources: http://forums.remote-exploit.org/new...n-testing.html
Yes. I have some good resources from the SANS training and have visited most of those sites you referred me to in the link. I have been researching for a couple days as well, but today is the last day and I have not gotten anywhere. I thought it would be faster to ask on a disucssion forum to get some quick answers or hints about where to go from here. I looked at the arp and found I scanned the hosts my company manages. I looked at the VLANS and interfaces and logs. Info gathering really. I looked at securityfocus and there are no exploits for the IOS version running. I just wanted to make sure I didn't miss a big hole. Any non referenced help would be appreciated. thanks.
how about a more specific question. In Hydra, when I choose the "cisco" protocol ...what is that trying to guess? The cisco-enable I know and well.not getting anywhere as three attempts and disconnect.
nevermind,...i found the readme file for hydra and it describes it..
If supposedly you work for the company and are the only resource available for the work, why are you bothering trying to run Hydra against it? There are only two outcomes here.
1) You'll prove that using hydra and some lame dictionary you were unable to brute force it. In which case the company will probably leave telnet administration of the device exposed externally and get owned by someone with greater skills and resources than you.
2) You'll waste time breaking it with Hydra, and tell them that telnet administration of the device should not be available externally. Which is what should happen whether you can figure out how to use Hydra or not.
Exposure of an administrative interface over a clear text protocol (telnet) should be considered a high.
a) They should use ssh (it's encrypted).
b) The administrative interface shouldn't even be exposed to the public.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.