Super hacker interview: how to attack Cisco router IOS - vulnerability warning - the black bar safety net

Dec 24, 2005 - 12:00 a.m.
Author: Anonymous (佚名)
www.myhack58.com
MYHACK58:6220055739
FX is a member of the German hacking group Phenoelit and is well versed in routing protocols. In 2001 he used techniques similar to Michael Lynn's to compromise the Cisco router IOS operating system. The following is his most recent [interview](http://www.yesky.com/key/1960/171960.html).

1) Would you first introduce yourself?

I am a German hacker and a member of the Phenoelit group. My main interests are various protocols, devices, platforms and attacks, which also include Cisco routers.

2) Did you know Michael Lynn before the Cisco router vulnerability incident?

He sent me the Black Hat conference schedule and asked whether I would come to Vegas to see his attack demo, but I didn't go.

3) What is your view of Lynn's demo of the attack on the Cisco router IOS operating system at the Black Hat conference?

His attack method is more ingenious than the stack overflow attack method I used against IOS; it does not need to guess so many pointers. He also obtains a virtual terminal (VTY) connection, which is very cool. Of course, his work builds on results that others had produced before him.

4) When did you first complete the IOS attack?

At the end of 2001.

5) Do you think that, before you, other people had already used IOS vulnerabilities to compromise client routers?

I'm sure it had been done before me. I'm not so arrogant as to think I was the first.

6) Do you believe it made no sense for Cisco to pressure Lynn into removing the assembly code from his demo?

From a technical standpoint, yes. Lynn's presentation only describes the general principle of the attack; IOS versions vary, and you can't derive a specific attack method from his presentation. As for the legal principle behind what Cisco did, I don't quite understand it; it is beyond my knowledge.

7) You discovered how to attack IOS in 2001, and four years later Lynn came up with similar results. It is also thanks to Cisco suing Lynn that the news spread so widely. Some hackers have even organized a race to be the first to publish shellcode that exploits the IOS vulnerability.

Really? But I did not take part in this race. The goal they want to achieve is not so easy.

8) From now on, will more and more independent researchers publish security advisories for Cisco devices?

I hope so, but before they publish, they should at least first notify Cisco's Product Security Incident Response Team (PSIRT).

9) From the papers you have presented at the annual Black Hat and DEFCON conferences, one can see that you have successfully broken into Cisco routers. What method do you use?

Almost the same as Lynn's. Executing attack code through a vulnerability always goes through three steps: the first is to trigger the vulnerability, and the specific method depends on the vulnerability; then a heap overflow is used to execute code, which is similar to other stack overflow attack techniques in that the overflow overwrites data with exploit code. Lynn and I both take this approach; the difference is that he overwrites less data, so executing the attack code is more stable. However, our third step is not the same.

10) What is the difference between your method and Lynn's?

My method from more than three years ago was not as stable as his. I used code to replace the router's configuration file; in the updated version, it patches the router's running image in order to obtain command-line access.

11) Why don't you use your shellcode to obtain a virtual terminal (VTY) connection? Is it because you think it is impossible?

There are several reasons. The first is that when I wrote the first attack version I did not yet understand socket communication very well; the second is that port 23 is filtered by the router, so the configuration file needs to be replaced.

12) Doesn't your attack method leave a trace?

The replaced configuration file should count. :)

13) In May 2004 some European teenage hackers stole the IOS source code. But until now no new attack against IOS has been found. Has nobody developed attacks based on the source code, or are they intentionally not being exposed?

You don't need the source code to attack routers. The source code is very long, and I don't think anybody will study it carefully. Even with the code, it is useless without a Cisco device, and most people have no access to Cisco devices.

14) Do administrators have a way to verify the integrity of an IOS image and discover whether there is a backdoor?

Compare its SHA-1 hash value with that of a known-good IOS image.

15) Can the many different types of IOS images defend against worms and other hacker attacks?

No. The different processor architectures and platforms are the most important defensive measure.

16) Lynn said, "Cisco intends to abstract the router operating system's architecture in the future, and doing so will have a negative impact. Without needing to know the different address offsets of each device, it would be possible to launch an attack against all routers." Isn't what Cisco is doing very dangerous?

The drawback of doing so is that it facilitates the development of attack techniques, but the benefit is that users can patch IOS without replacing the entire image, and it also allows new security features to be added to the router. So what Cisco is doing is a double-edged sword. Unless a Java virtual machine is installed on Cisco routers, the different processor architectures will continue to exist indefinitely. But this will give rise to some new attacks, like IOS kernel module backdoors.

17) But patching is still a big problem. Lynn said, "When the network crashes, how do you patch the router, by e-mail or CD-ROM? But the router doesn't have a CD drive."

This problem is more serious. Currently IOS is not patched; the old version is directly replaced with the new one. It's like flashing your PC's BIOS. In many cases the updated version brings a lot of compatibility issues. Remote IOS upgrades are not a wise idea.

18) Many administrators do not upgrade IOS. Do you think this problem exists everywhere, from small ISPs to large operators?

Large operators generally use IOS images custom-built specifically for them. I suspect they get upgrade patches earlier than other people. I think the unspoken rule is that large operators upgrade first, then small ISPs, and large enterprises never upgrade. I have seen some companies still using IOS version 9.0. Large operators generally take security very seriously, but they don't tell other people that network security is their lifeline.

19) Are other companies' router products more secure? Their market share is smaller, so attackers won't have much interest in them.

Small companies' products are more insecure, especially in the SOHO market, which is flooded with poor-quality router products. Cisco's products are the most widely used, so they attract the most attention from hackers. The reason many people now use Firefox is that Microsoft's IE browser is unsafe. If everyone used Firefox, it would also have many holes. The same is true of routers: if people switched to Juniper router products, many holes would also appear in them.

20) Is it feasible to port an open source OS such as Linux or BSD to a router? Are there currently similar projects?

There is currently a project porting Linux to Cisco 2500/3000/4000 series routers, but I think it is a bad upgrade. The power of Cisco routers lies in the synergy between the hardware and IOS. You suggest using open source software; I think it is not as good as developing faster computer hardware.