Penetration Testing mailing list archives
Re: Mapping a network
From: Zack Payton <zpayton () gmail com>
Date: Tue, 22 Sep 2009 11:23:58 -0500
Forget about scapy or the cisco perl scripts. Use dynamips and get your own virtual router running on their network. But if passive interface is enabled, you're pretty screwed attempting route injection from that vantage point in the network. I would probably resort to arp spoofing to client side browser pwnage and trying to escalate that way. On Tue, Sep 22, 2009 at 10:05 AM, Lee <ler762 () gmail com> wrote:
On 9/22/09, Zack Payton <zpayton () gmail com> wrote:Very nice idea. counter: SNMP string just for the NMS, access list allowing just the NMS to use that string and uRPF enabled on all user subnetsGenerally they won't have passive-interface enabled. Hint: dynamips -> route injection. Bypass all ip filtering.And if they're using eigrp and passive-interface is enabled? I got a perl script for attacking eigrp from a hacking cisco web site, but everything seems to depend on establishing an adjacency first. As far as I can tell, the neighbor has to be on the same subnet & eigrp won't establish an adjacency if the interface is passive, so it seems like route injection is blocked. Is there some way around passive-interface? Lee
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Mapping a network arvind doraiswamy (Sep 14)
- Re: Mapping a network Kurt Buff (Sep 15)
- Re: Mapping a network Zack Payton (Sep 17)
- Re: Mapping a network Lee (Sep 22)
- Re: Mapping a network Zack Payton (Sep 22)
- Re: Mapping a network Lee (Sep 22)
- Re: Mapping a network Zack Payton (Sep 22)
- Re: Mapping a network Lee (Sep 22)
- Re: Mapping a network Chris Brenton (Sep 23)
- Re: Mapping a network Zack Payton (Sep 23)
- RE: Mapping a network David_Falloon (Sep 24)
- Re: Mapping a network Elizabeth Greene (Sep 23)
- Re: Mapping a network Zack Payton (Sep 17)
- Re: Mapping a network Kurt Buff (Sep 15)