Penetration Testing mailing list archives

Re: Mapping a network


From: Zack Payton <zpayton () gmail com>
Date: Tue, 22 Sep 2009 11:23:58 -0500

Forget about Scapy or the Cisco Perl scripts.  Use dynamips and get
your own virtual router running on their network.
But if passive interface is enabled, you're pretty screwed attempting
route injection from that vantage point in the network.
I would probably resort to ARP spoofing to client side browser pwnage
and trying to escalate that way.

On Tue, Sep 22, 2009 at 10:05 AM, Lee <ler762 () gmail com> wrote:
On 9/22/09, Zack Payton <zpayton () gmail com> wrote:
Very nice idea.  Counter: SNMP string just for the NMS, access list
allowing just the NMS to use that string and uRPF enabled on all user
subnets

Generally they won't have passive-interface enabled.  Hint: dynamips
-> route injection.
Bypass all IP filtering.

And if they're using EIGRP and passive-interface is enabled?

I got a Perl script for attacking EIGRP from a hacking Cisco web site,
but everything seems to depend on establishing an adjacency first.  As
far as I can tell, the neighbor has to be on the same subnet & EIGRP
won't establish an adjacency if the interface is passive, so it seems
like route injection is blocked.  Is there some way around
passive-interface?

Lee
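
Added example, not part of the thread: a small audit for the three controls the posters name (an access list on the SNMP community, uRPF on user subnets, passive-interface on user-facing EIGRP interfaces), run over a constructed IOS-style config. The sample config, the function names and the caller-supplied list of user-facing interfaces are assumptions.

```python
import re

# Constructed IOS-style sample config (not from the thread).
SAMPLE = """\
access-list 10 permit 192.0.2.10
snmp-server community nms-ro RO 10
snmp-server community public RO
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip verify unicast source reachable-via rx
interface Vlan20
 ip address 10.10.20.1 255.255.255.0
router eigrp 100
 passive-interface Vlan10
 network 10.0.0.0
"""

def parse_sections(config):
    """Map each top-level line to its indented child lines."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if not line.startswith(" "):
            current = line.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def audit(config, user_ifaces):
    """Return findings for the three controls; user_ifaces is supplied by the caller."""
    sections, findings = parse_sections(config), []
    for top in sections:  # simple "community <str> RO|RW [acl]" form only
        m = re.match(r"snmp-server community (\S+) (?:RO|RW)(?: (\S+))?$", top, re.I)
        if m and not m.group(2):
            findings.append(f"snmp community {m.group(1)}: no access list")
    eigrp = [k for t, kids in sections.items() if t.startswith("router eigrp") for k in kids]
    default_passive = "passive-interface default" in eigrp
    for ifc in user_ifaces:
        kids = sections.get(f"interface {ifc}", [])
        if not any(k.startswith("ip verify unicast source") for k in kids):
            findings.append(f"{ifc}: uRPF not enabled")
        passive = f"passive-interface {ifc}" in eigrp or (
            default_passive and f"no passive-interface {ifc}" not in eigrp)
        if eigrp and not passive:
            findings.append(f"{ifc}: not passive in EIGRP")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["Vlan10", "Vlan20"]):
        print(finding)
```

The EIGRP check does not evaluate `network` statements, so an interface outside every EIGRP network is still reported as not passive.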

