testing cisco vulnerability and GNS3
Hey all. I've been reading the forum for a few months now and have finally registered. Got on to backtrack from wanting to perform a wireless audit after having read several "WPA is dead/broken" articles that are scattered over google. Great distro, though I know very little about security/pentesting.
I've even been thinking about taking up pentesting career wise, as I've found it's quite entertaining.
I also very much respect that the forum is kept clean from the "how do I crack wireless, use your neighbor's internet" types.
I have had zero Linux knowledge before taking up BackTrack, but have learned a lot already using VMware, VirtualBox and of course Linux. Keep up the great work guys!
Now onto my question. It may be somewhat off topic, but I was wondering if anyone has used GNS3 or maybe Dynagen for emulating a Cisco IOS and doing a pentest on the mounted IOS images. I've used GNS3 a fair bit already, and it's amazing software. Far better than Packet Tracer or the Boson NetSim router simulations IMHO. As I understand it, you can build a nigh on fully functional VoIP lab with GNS3, even tie it to the internet. For those unfamiliar with GNS3, it's like VMware for running Cisco IOSs. I've been lucky enough to utilize an IOS with advanced feature sets that my work allowed me use of. Just wondering if anyone has tried any of the Cisco tools on an emulated IOS.
I'm not quite experienced enough to give it a go just yet. I'll need to do some more research before an attempt. Lately I've been spending time researching and testing individual tools. I started with the aircrack suite and cowpatty/genpmk, and have worked into hydra, and done some light reading on Metasploit. Still a long way to go.
And thanks again for the goldmine that this forum is!
I appreciate that the tools, and information for training is out there if one is driven enough to seek it and advance one's career. Very important for me as I cannot afford any schooling or formal training at this point, but am motivated enough to self-teach.
I used GNS3 some time ago to do some debugging on an IPSec tunnel, mixing it with an externally connected firewall (SSG) and a VMware-installed Ubuntu. Thanks to this experience, I can say that, as GNS3 runs a real IOS image, any attack or audit tools targeting IOS will work exactly the same way. The only issue I could see is the resources of the host PC. GNS3 is eating a lot of resources, and when building a test network + VMware for BackTrack you might encounter delays and timeouts.
GNS3 eats a whole bunch of memory while running emulation of IOS. If you want to fix the CPU resource utilization, use the Idle-pc value, or there are some other tools like BES, which I used in conjunction with dynamips, and after running 4 7200 series routers and a Cisco ASA firewall my CPU utilization is only 20-25%. It's an emulated IOS, so PT/VA may provide wrong results.
Thanks for the feedback guys! I must agree that setting idle-pc value is a must! I also utilize the ghost IOS feature as often as I can as well, but this assumes that you are running multiple routers of the same platform/IOS image.
Haven't gotten too far with it yet, but I've got GNS3 pretty well optimized for running only a few routers as my host PC is not the most capable, but it can handle three running routers at about 17% load.
I've also switched to VirtualBox lately as it has a small footprint storage wise, and I'm hoping also somewhat memory wise, at least as far as the hypervisor is concerned.
I was able to figure out how to get connectivity between emulated routers and the BackTrack VM fairly easily, although I did have some trouble getting dynamips to start correctly. Last time I ran GNS3 it was on Vista.
Functionality should be enough to do the exercises fairly well. I'd like to try some of the routing protocol attacks, as well as maybe bruteforcing the VTY pw. Still have much research to go on the BackTrack tools however.
I'll keep posting as I make more progress.