Latest news
2. /auxiliary/scanner/http/cisco_ios_auth_bypass
Metasploit Express and Metasploit Pro will automatically recognize Cisco IOS HTTP services during a discovery scan, check for these two flaws, and exploit them to gain access to the running device configuration. In addition to these two known vulnerabilities, the device password can also be determined through a brute force attack on the HTTP service. The HTTP protocol is relatively quick to brute force, compared to slower, terminal-based services like Telnet and SSH. Metasploit Express and Metasploit Pro will automatically grab the running device configuration after a successful HTTP brute force of an IOS device.
The next service I want to discuss is SNMP. Oddly enough, SNMP is often left exposed on otherwise secure routers. The reason for this may be the general view of what SNMP is and does. The Simple Network Management Protocol is great for polling information across a wide range of systems in a standard format. Regardless of who built your switch or router, just about any SNMP client and monitoring software will work with that device, provided SNMP is enabled and configured.
What many network administrators don’t realize, is not only the depth of information exposed by SNMP but the fact that a writeable SNMP community can be leveraged to gain complete control over a device. In the case of Cisco IOS, a writeable SNMP community can be used to download the running device configuration AND modify the running configuration. A router with telnet disabled and a complex serial password can be hijacked nearly instantly through a writeable SNMP community. The Metasploit Framework provides a SNMP brute force tool, written as an auxiliary module, which can leverage a wordlist of common passwords to identify valid communities and determine whether they are read-only or read-write. In addition to the basic brute force module, Metasploit now contains a module (submitted by community contributor “pello”), that can use a writeable SNMP community to download the running device configuration.
Spotlight
Information security executives need to be strategic thinkers
Posted on 17 June 2013. | George Baker, the Director of Information Security at Exostar, talks about the challenges in working in a dynamic threat landscape, offers tips for aspiring infosec leaders, and more.
Large orgs in denial about own security breaches?
Posted on 14 June 2013. | Over two thirds (66%) of large organizations said they either had not experienced a security incident in the last 12-18 months or were unsure if they had.
Vulnerability scanning with PureCloud
Posted on 12 June 2013. | nCircle PureCloud is a cloud-based network security scanning product built upon the companies' vulnerability and risk management system IP360.
To hack back or not to hack back?
Posted on 12 June 2013. | If you think of cyberspace as a new resource for you and your organization, it makes sense to protect your part of it as best you can. But is it a good idea?
Reactions from the security community to the NSA spying scandal
Posted on 11 June 2013. | Read on for comments on this scandal that Help Net Security received from a variety of security professionals and analysts.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
