RE: SSH CRC-32 Compensation Attack Detector Vulnerability on CISCO routers

From: Dario Ciccarone <dciccaro(at)cisco.com>
Date: Mon Jun 02 2003 - 13:23:28 EDT


It's not so easy on IOS . . .

http://www.phrack.org/show.php?p=60&a=7

> -----Original Message-----
h-exploit-
diffs.txt

I'm sure many of you have run into this situation. You find a service or application that is known to be vulnerable, and the client says "show me the 'sploit.'" Normally, that's a great chance to show them what you're capable of. In this case, I told them it is vulnerable (in theory) but I have not seen an exploit for it.

My question is, have any of you guys played with this exploit on Cisco devices? I know that the shellcode would have to change (obviously from /bin/sh to some type of router compromising command like 'ip http server' or 'snmp community h4x0r RW' or something that would give you a nice level of access to the device). The really funny thing is that this exploit has been around so long, and I have yet to hear of someone smashing a router with it.

If you have gotten this to work on a Cisco device, let me know. If not, I am planning on setting up a target router running only ssh for you guys to bang on if you want. I can set up a 25xx, 26xx, or 71xx router for testing, so shoot me an email if you're interested.

-Jeremy


Received on Mon Jun 2 14:30:26 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:36 EDT
