CISCO Testing - Scan & Fingerprint

  • Port Scanning
  • nmap

    To effectively scan a Cisco device, both TCP and UDP ports across the whole range must be checked.
    A number of tools can do this; the examples here use nmap.

    TCP scan.
    This performs a TCP connect scan (-sT) with OS fingerprinting (-O) and verbose output (-v) across ports 1-65535 against the target IP (10.1.1.1 in this example), writing the results in normal format to the file TCP.scan.txt.
    nmap -sT -O -v -p 1-65535 <IP> -oN TCP.scan.txt

    UDP scan.
    This performs a UDP scan (-sU) with verbose output (-v) across ports 1-65535 against the target IP (10.1.1.1 in this example), writing the results in normal format to the file UDP.scan.txt.
    nmap -sU -v -p 1-65535 <IP> -oN UDP.scan.txt

    Other tools

    ciscos is a scanner for discovering Cisco devices in a given CIDR network range.

    cisco scanner
    Output stored in cisco.txt
    Usage: ./ciscos <IP> <class> [option]
    Class A scan: ciscos 127 1
    Class B scan: ciscos 127.0 2
    Class C scan: ciscos 127.0.0 3
    [-C <thread>] maximum threads
    [-t <timeout>] seconds before connection timeout

    mass-scanner is a simple scanner for discovering Cisco devices within a given network range.

  • Fingerprinting
  • cisco-torch is a fingerprinter for Cisco routers.

    There are a number of different fingerprinting switches, e.g. SSH, telnet or HTTP. The -A switch should perform all scans; however, I have found it to be unreliable.



    BT cisco-torch-0.4b # cisco-torch.pl -A 10.1.1.175
    Using config file torch.conf...
    Loading include and plugin ...

    #######################################################
    # Cisco Torch Mass Scanner #
    # Becase we need it... #
    # http://www.arhont.com/cisco-torch.pl #
    #######################################################

    List of targets contains 1 host(s)
    14489: Checking 10.1.1.175 ...
    Fingerprint: 2552511255251325525324255253311310
    Description: Cisco IOS host (tested on 2611, 2950 and Aironet 1200 AP)
    Fingerprinting Successful

    Cisco-IOS Webserver found
    HTTP/1.1 401 Unauthorized
    Date: Mon, 01 Mar 1993 00:34:11 GMT
    Server: cisco-IOS
    Accept-Ranges: none
    WWW-Authenticate: Basic realm="level_15_access"
    401 Unauthorized

    Cisco WWW-Authenticate webserver found
    HTTP/1.1 401 Unauthorized
    Date: Mon, 01 Mar 1993 00:34:11 GMT
    Server: cisco-IOS
    Accept-Ranges: none
    WWW-Authenticate: Basic realm="level_15_access"
    401 Unauthorized
    --->
    - All scans done. Cisco Torch Mass Scanner -
    ---> Exiting.

    nmap version scan

    Once open ports have been identified, version scanning should be performed against them. In this example, TCP ports 23 and 80 were found to be open.
    nmap -sV -O -v -p 23,80 <IP> -oN TCP.version.txt

    This should also be performed for open UDP ports, especially the SNMP UDP ports 161 and 162.
    nmap -sU -sV -O -v -p 161,162 <IP> -oN UDP.version.txt
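
An added example (not from the original page): a short Python parser for the normal-mode (-oN) files written by the scans above. It lists the ports that should go on to the version scan and attaches a review note to the management services. The sample scan text and the REVIEW notes are constructed for illustration.

```python
import re

# Constructed samples of nmap normal (-oN) output; not taken from a real scan.
SAMPLE_TCP = """\
Nmap scan report for 10.1.1.1
PORT      STATE    SERVICE
22/tcp    filtered ssh
23/tcp    open     telnet
80/tcp    open     http
"""
SAMPLE_UDP = """\
Nmap scan report for 10.1.1.1
PORT      STATE          SERVICE
161/udp   open           snmp
162/udp   open|filtered  snmptrap
"""

PORT_LINE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)")
# Assumed review notes for management services reachable on a router.
REVIEW = {
    ("tcp", 23): "telnet is cleartext; prefer SSH and restrict with an access list",
    ("tcp", 80): "HTTP management is cleartext; disable it or restrict access",
    ("udp", 161): "SNMP reachable; check community strings and source restrictions",
    ("udp", 162): "SNMP trap port; confirm it is expected on this device",
}

def parse_normal_output(text):
    """Return (port, proto, state, service) for each port line in -oN output."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def ports_to_review(rows):
    """Keep ports nmap considers reachable. UDP often shows 'open|filtered'
    because no reply came back; those still need the version scan to resolve."""
    keep = []
    for port, proto, state, service in rows:
        if state == "open" or (proto == "udp" and state == "open|filtered"):
            note = REVIEW.get((proto, port), "unexpected service; confirm it is required")
            keep.append((proto, port, state, note))
    return sorted(keep)

if __name__ == "__main__":
    rows = parse_normal_output(SAMPLE_TCP) + parse_normal_output(SAMPLE_UDP)
    for proto, port, state, note in ports_to_review(rows):
        print(f"{port}/{proto:<3} {state:<13} {note}")
```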


COPYRIGHT (C) 2000 - 2011 InfoSecPro.com ALL RIGHTS RESERVED