20201202 cisco KDLinux

課堂資料

routersploit 掃 router 設備漏洞/弱點SSORC.tw

https://sites.google.com/a/james-tw.com/j-note/cisco/cisco-she-ding-yuan-duan-lian-xian-telnet-sshsites.google.com

https://david50.pixnet.net/blog/post/45217866-%5B%E7%AD%86%E8%A8%98%5Dcisco%E5%9F%BA%E6%9C%AC%E6%8C%87%E4%BB%A4-%E5%95%9F%E7%94%A8sshdavid50.pixnet.net

https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txtgithub.com

https://netsec.ws/?p=353netsec.ws

建立一個 router 和 Linux，並將它們設置 IP

R1

int e0/0

ip addr 192.168.1.1 255.255.255.0

no shut

line vty 0 4

login

password cisco

transport input telnet

Linux

Linux

eth0 自帶 IP，可以直接 Ping8.8.8.8和www.google.com

時間設置

timedatectl set-timezone Asia/Taipei

更新

systemctl restart ntp.service

ntpd

apt update

apt install curl wget

useradd user

mkdir /home/user -p

chown user:user /home/user

su - user

bash

git clone https://github.com/reverse-shell/routersploit

cd routersploit/

python3 -m pip install -r requirements.txt

python3 rsf.py

use scanners/routers/router_scan

set target 12.1.1.1

run

exit

課堂練習

R1

int e0/0

ip add 12.1.1.1 255.255.255.0

no shut

router rip

ver 2

no auto-summary

network 12.1.1.0

exit

ip domain-name test.com

crypto key generate rsa

ip ssh ver 2

line vty 0 4

login local

transport input ssh

username root privilege 15 password 12345

end

show running-config | inc username

R2

Linux

R2

int e0/2

ip addr dhcp

no shut

do sh ip int brief

exit

enable password 12345

line vty 0 4

password 12345

login

transport input telnet

vm1